fix: Remove account_id from params since it is not used (#13116)

account_id was permitted in strong parameters, allowing authenticated admins to transfer resources (Portals, Automation Rules, Macros) to arbitrary accounts. Fix: Removed account_id from permitted params in 4 controllers: - portals_controller.rb - automation_rules_controller.rb - macros_controller.rb - twilio_channels_controller.rb
2025-12-19 17:07:53 -08:00
parent c22a31c198
commit 86da3f7c06
5 changed files with 20 additions and 17 deletions
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -140,24 +140,27 @@ GEM
      actionmailbox (>= 7.1.0)
      aws-sdk-s3 (~> 1, >= 1.123.0)
      aws-sdk-sns (~> 1, >= 1.61.0)
-    aws-eventstream (1.2.0)
-    aws-partitions (1.760.0)
-    aws-sdk-core (3.188.0)
-      aws-eventstream (~> 1, >= 1.0.2)
-      aws-partitions (~> 1, >= 1.651.0)
-      aws-sigv4 (~> 1.5)
+    aws-eventstream (1.4.0)
+    aws-partitions (1.1198.0)
+    aws-sdk-core (3.240.0)
+      aws-eventstream (~> 1, >= 1.3.0)
+      aws-partitions (~> 1, >= 1.992.0)
+      aws-sigv4 (~> 1.9)
+      base64
+      bigdecimal
      jmespath (~> 1, >= 1.6.1)
-    aws-sdk-kms (1.64.0)
-      aws-sdk-core (~> 3, >= 3.165.0)
-      aws-sigv4 (~> 1.1)
-    aws-sdk-s3 (1.126.0)
-      aws-sdk-core (~> 3, >= 3.174.0)
+      logger
+    aws-sdk-kms (1.118.0)
+      aws-sdk-core (~> 3, >= 3.239.1)
+      aws-sigv4 (~> 1.5)
+    aws-sdk-s3 (1.208.0)
+      aws-sdk-core (~> 3, >= 3.234.0)
      aws-sdk-kms (~> 1)
-      aws-sigv4 (~> 1.4)
+      aws-sigv4 (~> 1.5)
    aws-sdk-sns (1.70.0)
      aws-sdk-core (~> 3, >= 3.188.0)
      aws-sigv4 (~> 1.1)
-    aws-sigv4 (1.5.2)
+    aws-sigv4 (1.12.1)
      aws-eventstream (~> 1, >= 1.0.2)
    barnes (0.0.9)
      multi_json (~> 1)