Commit
Fix CVE-2019-5421: Devise Vulnerability
This change updates to Devise 4.6.2.

> Details
>
> CVE-2019-5421
>
> Patched version: 4.6.0
>
> Devise ruby gem before 4.6.0 when the lockable module is used is
> vulnerable to a time-of-check time-of-use (TOCTOU) race condition due to
> increment_failed_attempts within the Devise::Models::Lockable class not
> being concurrency safe.
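Added example, not part of this commit and not Devise's code: a minimal Ruby model of why a read-then-write counter is not concurrency safe, next to an increment done as one indivisible step. AttemptStore, Latch, simulate_failed_logins and the request count are constructed for illustration; the latch only forces the overlap that concurrent requests can produce.

```ruby
# Constructed in-memory stand-in for a failed_attempts column (assumption, not Devise code).
class AttemptStore
  def initialize
    @failed_attempts = 0
    @lock = Mutex.new
  end

  def read
    @lock.synchronize { @failed_attempts }
  end

  def write(value)
    @lock.synchronize { @failed_attempts = value }
  end

  # One indivisible step, as a single UPDATE ... SET n = n + 1 would be.
  def atomic_increment
    @lock.synchronize { @failed_attempts += 1 }
  end
end

# Hypothetical helper: wait returns once `count` threads have arrived.
class Latch
  def initialize(count)
    @count = count
    @mutex = Mutex.new
    @cond = ConditionVariable.new
  end

  def wait
    @mutex.synchronize do
      @count -= 1
      @cond.broadcast if @count.zero?
      @cond.wait(@mutex) until @count.zero?
    end
  end
end

# Runs `requests` concurrent failed logins and returns the stored counter.
def simulate_failed_logins(requests, atomic:)
  store = AttemptStore.new
  all_have_read = Latch.new(requests)
  Array.new(requests) do
    Thread.new do
      next store.atomic_increment if atomic
      seen = store.read       # time of check: every request sees the same value
      all_have_read.wait      # all requests overlap before any of them writes
      store.write(seen + 1)   # time of use: stale value + 1 overwrites the others
    end
  end.each(&:join)
  store.read
end
```

With ten overlapping requests the read-then-write path records one failed attempt, so a lockout threshold compared against that counter is reached later than intended; the atomic path records all ten.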