Update Devise to 4.7.1

Description

Devise Gem for Ruby confirmation token validation with a blank string

Devise before 4.7.1 confirms accounts upon receiving a request with a blank confirmation_token, if a database record has a blank value in the confirmation_token column.

However, there is no scenario within Devise itself in which such database records would exist.

Patched versions: >= 4.7.1
Unaffected versions: none

Testing

Make sure you can log in with your current account and that you can create and activate a new one.

Environment

None

Status

Assignee

Unassigned

Reporter

Sarken

Roadmap

Login

Priority

Medium

Affects versions

0.9.253

Fix versions

Components

BackEnd

Difficulty

Medium

Required Access Level

None

Epic Link

Milestone

Internal 0.9