File rubygem-actionview-4_2.changes of Package rubygem-actionview-4_2.5663

-------------------------------------------------------------------
Mon Aug 28 16:10:33 UTC 2017 - rsalevsky@suse.com

- update to version 4.2.9 (bsc#1055962)
  * CVE-2016-0752.patch and CVE-2016-2098.patch got merged upstream

  ## Rails 4.2.9 (June 26, 2017) ##
  *   No changes.

  ## Rails 4.2.8 (February 21, 2017) ##
  *   No changes.

  ## Rails 4.2.7 (July 12, 2016) ##
  *   No changes.

  ## Rails 4.2.6 (March 07, 2016) ##
  *   Fix stripping the digest from the automatically generated img tag alt
      attribute when assets are handled by Sprockets >=3.0.

      *Bart de Water*

  *   Create a new `ActiveSupport::SafeBuffer` instance when `content_for` is flushed.

      Fixes #19890

      *Yoong Kang Lim*

  *   Respect value of `:object` if `:object` is false when rendering.

      Fixes #22260.

      *Yuichiro Kaneko*

  *   Generate `week_field` input values using a 1-based index and not a 0-based index
      as per the W3 spec: http://www.w3.org/TR/html-markup/datatypes.html#form.data.week

      *Christoph Geschwind*

  ## Rails 4.2.5.2 (February 26, 2016) ##
  *   Do not allow render with unpermitted parameter.

      Fixes CVE-2016-2098.

      *Arthur Neves*

  ## Rails 4.2.5.1 (January 25, 2015) ##
  *   Adds boolean argument outside_app_allowed to `ActionView::Resolver#find_templates`
      method.

      *Aaron Patterson*

  ## Rails 4.2.5 (November 12, 2015) ##
  *   Fix `mail_to` when called with `nil` as argument.

      *Rafael Mendonça França*

  *   `url_for` does not modify its arguments when generating polymorphic URLs.

      *Bernerd Schaefer*

  ## Rails 4.2.4 (August 24, 2015) ##
  * No Changes *

  ## Rails 4.2.3 (June 25, 2015) ##
  *   `translate` should handle `raise` flag correctly in case of both main and default
      translation is missing.

      Fixes #19967

      *Bernard Potocki*

  *   `translate` allows `default: [[]]` again for a default value of `[]`.

      Fixes #19640.

      *Adam Prescott*

  *   `translate` should accept nils as members of the `:default`
      parameter without raising a translation missing error.  Fixes a
      regression introduced 362557e.

      Fixes #19419

      *Justin Coyne*


  *   `number_to_percentage` does not crash with `Float::NAN` or `Float::INFINITY`
      as input when `precision: 0` is used.

      Fixes #19227.

      *Yves Senn*

  ## Rails 4.2.2 (June 16, 2015) ##
  * No Changes *

-------------------------------------------------------------------
Mon Mar  7 17:37:58 UTC 2016 - jmassaguerpla@suse.com

- fix bsc#968849: CVE-2016-2098: rubygem-actionpack: Possible remote
  code execution vulnerability in Action Pack

-------------------------------------------------------------------
Tue Jan 26 16:36:05 UTC 2016 - jmassaguerpla@suse.com

- fix bnc#963332 - CVE-2016-0752: rubygem-actionpack,
  rubygem-actionview: directory traversal and information leak in
  Action View
  CVE-2016-0752.patch: contains the security fix

-------------------------------------------------------------------
Fri Jul  3 10:20:28 UTC 2015 - jmassaguerpla@suse.com

- updated to version 4.2.2, no changes
  (updated to match activesupport-4_2 version)
  (bnc#934799 and bnc#934800).

-------------------------------------------------------------------
Sun Mar 22 09:39:06 UTC 2015 - coolo@suse.com

- updated to version 4.2.1
 *   Default translations that have a lower precidence than an html safe default,
     but are not themselves safe, should not be marked as html_safe.

     *Justin Coyne*

 *   Added an explicit error message, in `ActionView::PartialRenderer`
     for partial `rendering`, when the value of option `as` has invalid characters.

     *Angelo Capilleri*

-------------------------------------------------------------------
Mon Jan 19 21:12:12 UTC 2015 - dmueller@suse.com

- update to 4.1.9:
  * Added an explicit error message, in `ActionView::PartialRenderer`
  for partial `rendering`, when the value of option `as` has invalid characters.
  * Update `select_tag` to work correctly with `:include_blank` option passing a string.

-------------------------------------------------------------------
Mon Nov 10 14:00:03 UTC 2014 - tboerger@suse.com

- To get rails 4 running on SLE 11 i have switched the
  rb_build_versions definition to rub21 as it is activated within
  devel:languages:ruby. That way we can get running rails 4 on
  SLE 11 too.

-------------------------------------------------------------------
Sun Oct 12 16:53:53 UTC 2014 - coolo@suse.com

- updated to version 4.1.6
 *   Fix that render layout: 'messages/layout' should also be added to the dependency tracker tree.
 *   Return an absolute instead of relative path from an asset url in the case
     of the `asset_host` proc returning nil
 *   Fix `html_escape_once` to properly handle hex escape sequences (e.g. ᨫ)
 *   Bring `cache_digest` rake tasks up-to-date with the latest API changes

-------------------------------------------------------------------
Wed Jul 23 13:30:35 UTC 2014 - mrueckert@suse.com

- - initial package