File rubygem-actionview-5_1.changes of Package rubygem-actionview-5_1.26194
-------------------------------------------------------------------
Wed Sep 28 16:01:35 UTC 2022 - Manuel Schnitzer <mschnitzer@suse.com>
- Add patch to fix CVE-2022-27777 (bsc#1199060)
0004-CVE-2022-27777.patch
-------------------------------------------------------------------
Wed Sep 28 15:47:22 UTC 2022 - Manuel Schnitzer <mschnitzer@suse.com>
- Add patch to fix CVE-2020-15169 (bsc#1176421)
0003-CVE-2020-15169.patch
-------------------------------------------------------------------
Wed Sep 28 15:34:20 UTC 2022 - Manuel Schnitzer <mschnitzer@suse.com>
- Add patch to fix CVE-2020-8167 (bsc#1172184)
0002-CVE-2020-8167.patch
-------------------------------------------------------------------
Mon Apr 27 10:51:59 UTC 2020 - Manuel Schnitzer <mschnitzer@suse.com>
- Add patch to fix CVE-2020-5267 (bsc#1167240)
0001-CVE-2020-5267.patch
In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS
vulnerability in ActionView's JavaScript literal escape helpers. Views that use
the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The
issue is fixed in versions 6.0.2.2 and 5.2.4.2.
-------------------------------------------------------------------
Mon Sep 11 08:54:49 UTC 2017 - enavarro@suse.com
- Update to version 5.1.4
-------------------------------------------------------------------
Wed Aug 9 07:55:20 UTC 2017 - cbruckmayer@suse.com
- Update to version 5.1.3
-------------------------------------------------------------------
Sat Jun 24 06:16:40 UTC 2017 - adrian@suse.de
- update to version 5.1.1
-------------------------------------------------------------------
Fri Aug 12 04:31:09 UTC 2016 - coolo@suse.com
- updated to version 5.0.0.1
see installed CHANGELOG.md
-------------------------------------------------------------------
Mon Jul 4 09:10:39 UTC 2016 - coolo@suse.com
- updated to rails 5.0 - see http://weblog.rubyonrails.org/2016/6/30/Rails-5-0-final/
-------------------------------------------------------------------
Tue Mar 8 05:30:10 UTC 2016 - coolo@suse.com
- updated to version 4.2.6
see installed CHANGELOG.md
## Rails 4.2.6 (March 07, 2016) ##
* Fix stripping the digest from the automatically generated img tag alt
attribute when assets are handled by Sprockets >=3.0.
*Bart de Water*
* Create a new `ActiveSupport::SafeBuffer` instance when `content_for` is flushed.
Fixes #19890
*Yoong Kang Lim*
* Respect value of `:object` if `:object` is false when rendering.
Fixes #22260.
*Yuichiro Kaneko*
* Generate `week_field` input values using a 1-based index and not a 0-based index
as per the W3 spec: http://www.w3.org/TR/html-markup/datatypes.html#form.data.week
*Christoph Geschwind*
-------------------------------------------------------------------
Tue Mar 1 05:31:26 UTC 2016 - coolo@suse.com
- updated to version 4.2.5.2
see installed CHANGELOG.md
## Rails 4.2.5.2 (February 26, 2016) ##
* Do not allow render with unpermitted parameter.
Fixes CVE-2016-2098.
*Arthur Neves*
## Rails 4.2.5.1 (January 25, 2015) ##
* Adds boolean argument outside_app_allowed to `ActionView::Resolver#find_templates`
method.
*Aaron Patterson*
-------------------------------------------------------------------
Tue Jan 26 05:30:06 UTC 2016 - coolo@suse.com
- updated to version 4.2.5.1
see installed CHANGELOG.md
-------------------------------------------------------------------
Fri Nov 13 05:29:38 UTC 2015 - coolo@suse.com
- updated to version 4.2.5
see installed CHANGELOG.md
## Rails 4.2.5 (November 12, 2015) ##
* Fix `mail_to` when called with `nil` as argument.
*Rafael Mendonça França*
* `url_for` does not modify its arguments when generating polymorphic URLs.
*Bernerd Schaefer*
-------------------------------------------------------------------
Tue Aug 25 04:29:49 UTC 2015 - coolo@suse.com
- updated to version 4.2.4
see installed CHANGELOG.md
## Rails 4.2.4 (August 24, 2015) ##
* No Changes *
-------------------------------------------------------------------
Fri Jun 26 04:30:06 UTC 2015 - coolo@suse.com
- updated to version 4.2.3
see installed CHANGELOG.md
## Rails 4.2.3 (June 25, 2015) ##
* `translate` should handle `raise` flag correctly in case of both main and default
translation is missing.
Fixes #19967
*Bernard Potocki*
* `translate` allows `default: [[]]` again for a default value of `[]`.
Fixes #19640.
*Adam Prescott*
* `translate` should accept nils as members of the `:default`
parameter without raising a translation missing error. Fixes a
regression introduced 362557e.
Fixes #19419
*Justin Coyne*
* `number_to_percentage` does not crash with `Float::NAN` or `Float::INFINITY`
as input when `precision: 0` is used.
Fixes #19227.
*Yves Senn*
-------------------------------------------------------------------
Wed Jun 17 04:30:35 UTC 2015 - coolo@suse.com
- updated to version 4.2.2
see installed CHANGELOG.md
## Rails 4.2.2 (June 16, 2015) ##
* No Changes *
-------------------------------------------------------------------
Sun Mar 22 09:39:06 UTC 2015 - coolo@suse.com
- updated to version 4.2.1
* Default translations that have a lower precidence than an html safe default,
but are not themselves safe, should not be marked as html_safe.
*Justin Coyne*
* Added an explicit error message, in `ActionView::PartialRenderer`
for partial `rendering`, when the value of option `as` has invalid characters.
*Angelo Capilleri*
-------------------------------------------------------------------
Mon Jan 19 21:12:12 UTC 2015 - dmueller@suse.com
- update to 4.1.9:
* Added an explicit error message, in `ActionView::PartialRenderer`
for partial `rendering`, when the value of option `as` has invalid characters.
* Update `select_tag` to work correctly with `:include_blank` option passing a string.
-------------------------------------------------------------------
Mon Nov 10 14:00:03 UTC 2014 - tboerger@suse.com
- To get rails 4 running on SLE 11 i have switched the
rb_build_versions definition to rub21 as it is activated within
devel:languages:ruby. That way we can get running rails 4 on
SLE 11 too.
-------------------------------------------------------------------
Sun Oct 12 16:53:53 UTC 2014 - coolo@suse.com
- updated to version 4.1.6
* Fix that render layout: 'messages/layout' should also be added to the dependency tracker tree.
* Return an absolute instead of relative path from an asset url in the case
of the `asset_host` proc returning nil
* Fix `html_escape_once` to properly handle hex escape sequences (e.g. ᨫ)
* Bring `cache_digest` rake tasks up-to-date with the latest API changes
-------------------------------------------------------------------
Wed Jul 23 13:30:35 UTC 2014 - mrueckert@suse.com
- - initial package