File rubygem-actionpack-2_3.changes of Package rubygem-actionpack-2_3.869

-------------------------------------------------------------------
Fri Sep  7 18:54:19 UTC 2012 - mrueckert@suse.de

- added 3-0-strip_tags.patch: (bnc#775649)
  Do not mark strip_tags result as html_safe CVE-2012-3465

-------------------------------------------------------------------
Wed Jul 18 14:57:18 UTC 2012 - mrueckert@suse.de

- added 2 patches to fix security issues:
  2-3-null_param.patch       (CVE-2012-2660) (bnc#765097)
  2-3-null_array_param.patch (CVE-2012-2694) (bnc#766791)
- track series file from quilt for easier handling

-------------------------------------------------------------------
Wed Aug 17 12:02:42 UTC 2011 - mrueckert@suse.de

- update to version 2.3.14
  - fix fixing strip tags vulnerability (bnc#712057)
  - fixing response splitting problem (bnc#712058)

-------------------------------------------------------------------
Mon Jun 20 16:27:43 UTC 2011 - mrueckert@suse.de

- update to version 2.3.12
  - dont call destroy on a session if it doesnt respond to destroy
  - fix session timeout handling

-------------------------------------------------------------------
Wed Feb 16 11:09:20 UTC 2011 - mrueckert@suse.de

- update to version 2.3.11: (bnc#668817)
  - XSS Risk in mail_to :encode=>:javascript CVE-2011-0446
  - CSRF Bypass Risk CVE-2011-0447
  - Filter Problems on Case Insensitive Filesystems CVE-2011-0449
  - Potential SQL Injection with limit() CVE-2011-0448

-------------------------------------------------------------------
Mon Jan 17 13:21:21 UTC 2011 - mvidner@suse.cz

- Split off doc and testsuite subpackages.

-------------------------------------------------------------------
Wed Oct 27 11:34:50 UTC 2010 - mrueckert@suse.de

- update to version 2.3.10
  * Version bump.

-------------------------------------------------------------------
Sun Sep  5 11:07:19 UTC 2010 - mrueckert@suse.de

- update to version 2.3.9
  * Version bump.

-------------------------------------------------------------------
Tue May 25 16:08:12 UTC 2010 - mrueckert@suse.de

- use rubygems_requires macro

-------------------------------------------------------------------
Tue May 25 15:07:19 UTC 2010 - mrueckert@suse.de

- update to version 2.3.8
  * HTML safety: fix compatibility *without* the optional rails_xss
    plugin.
- additional changes from version 2.3.7
  * HTML safety: fix compatibility with the optional rails_xss
    plugin.  [Nathan Weizenbaum, Santiago Pastorino]
- additional changes from version 2.3.6
  * JSON: set Base.include_root_in_json = true to include a root
    value in the JSON: {"post": {"title": ...}}. Mirrors the Active
    Record option.  #2584 [Matthew Moore, Joe Martinez, Elad
    Meidar, Santiago Pastorino]
  * Ruby 1.9: ERB template encoding using a magic comment at the
    top of the file.  [Jeremy Kemper] <%# encoding: utf-8 %>
  * Fixed that default locale templates should be used if the
    current locale template is missing [DHH]
  * Fixed that PrototypeHelper#update_page should return html_safe
    [DHH]
  * Fixed that much of DateHelper wouldn't return html_safe?
    strings [DHH]
  * Fixed that fragment caching should return a cache hit as
    html_safe (or it would all just get escaped) [DHH]
  * Introduce String#html_safe for rails_xss plugin and
    forward-compatibility with Rails 3.  [Michael Koziarski,
    Santiago Pastorino, José Ignacio Costa]
  * Added :alert, :notice, and :flash as options to
    ActionController::Base#redirect_to that'll automatically set
    the proper flash before the redirection [DHH].
  * Added ActionController::Base#notice/= and
    ActionController::Base#alert/= as a convenience accessors in
    both the controller and the view for flash[:notice]/= and
    flash[:alert]/= [DHH]
  * Added cookies.permanent, cookies.signed, and
    cookies.permanent.signed accessor for common cookie actions
    [DHH].
- removed actionpack-2.3.5_button_to.patch:
  included in update

-------------------------------------------------------------------
Thu Feb 18 14:09:24 UTC 2010 - aduffeck@novell.com

- add a patch to fix (bnc#581792):
  https://rails.lighthouseapp.com/projects/8994/tickets/3448-button_to-does-not-return-an-html-safe-string

-------------------------------------------------------------------
Fri Jan 15 14:21:37 UTC 2010 - mrueckert@suse.de

- fix requires on rack. gem spec and code disagree with each other.

-------------------------------------------------------------------
Tue Dec  1 18:19:07 UTC 2009 - chris@computersalat.de

- update to version 2.3.5
  - Minor Bug Fixes and deprecation warnings
  - Ruby 1.9 Support
  - Fix filtering parameters when there are Fixnum or other
    un-dupable values.
  - Improvements to ActionView::TestCase
  - Compatiblity with the rails_xss plugin 
- removed actionpack-2.3.4_number_to_human_size_fix_eb30c695444b904d7937c8c12c59da9a8c4d60e5.patch:
  included in update

-------------------------------------------------------------------
Fri Nov 20 13:53:22 UTC 2009 - mrueckert@suse.de

- added actionpack-2.3.4_number_to_human_size_fix_eb30c695444b904d7937c8c12c59da9a8c4d60e5.patch
  fix number_to_human_size (bnc#545720)

-------------------------------------------------------------------
Thu Sep 10 12:03:08 UTC 2009 - adrian@suse.de

- update to version 2.3.4

-------------------------------------------------------------------
Fri Jun  5 16:58:30 CEST 2009 - mrueckert@suse.de

- add rails-2.3.2_http_auth_digest_nil_check.patch:
  do not allow authentication with a missing password (bnc#509914)

-------------------------------------------------------------------
Mon Mar 16 20:34:36 CET 2009 - mrueckert@suse.de

- starting package for the rails 2.3 series

-------------------------------------------------------------------