Minor release
v2.34.0 - Security release and a few bugfixes
Avo is the first well documented admin gem that is able to deal with all types of objects provided by active record, including polymorphic models and direct upload for cloud storage providers.
Thank you for this wonderful product.
Hey everyone ๐
Quick release here fixing some security issues and a few bugfixes.
๐ธ Features
- use avo translations as fallback
๐ Bug Fixes
- sidebar broken on mobile view
- actions with locales broken
- Handle missing field_options more gracefully.
๐ Security
- Possible unsafe reflection / partial DoS https://github.com/avo-hq/avo/security/advisories/GHSA-86h2-2g4g-29qx
- Stored XSS (Cross Site Scripting) in html content based fields https://github.com/avo-hq/avo/security/advisories/GHSA-5cr9-5jx3-2g39
Back to work
I just came back from the Rails Saas conference. Fantastic organization, great speakers, and kind attendees. I got a lot of good inspiration for Friendly.rb.
That's it for today. It's time to focus on Avo 3.
Thanks for being awesome!
Adrian and Paul
Release notes: https://avohq.io/releases/2.34
Release video: https://youtu.be/Jlv4PpVg2CA
Twitter: https://twitter.com/avo_hq
Repo: https://github.com/avo-hq/avo
Subscribe to Short Ruby Newsletter: https://shortruby.com/
Subscribe to SupeRails: https://www.youtube.com/@SupeRails
Subscribe to Rails tricks: https://www.railstricks.com/
Friendly.rb: https://friendlyrb.com/
Release notes
More information and release video here
๐ธ Features
- use avo translations as fallback
๐ Bug Fixes
- sidebar broken on mobile view
- actions with locales broken
- Handle missing field_options more gracefully.
๐ Security
- Possible unsafe reflection / partial DoS https://github.com/avo-hq/avo/security/advisories/GHSA-86h2-2g4g-29qx
- Stored XSS (Cross Site Scripting) in html content based fields https://github.com/avo-hq/avo/security/advisories/GHSA-5cr9-5jx3-2g39