File rubygem-rails-6.1.changes of Package rubygem-rails-6.1
-------------------------------------------------------------------
Mon Nov 4 17:18:33 UTC 2024 - Dan Čermák <dan.cermak@posteo.net>
- 6.1.7.10:
## Active Support
* No changes.
## Active Model
* No changes.
## Active Record
* No changes.
## Action View
* No changes.
## Action Pack
* No changes.
## Active Job
* No changes.
## Action Mailer
* Fix NoMethodError in `block_format` helper
*Michael Leimstaedtner*
## Action Cable
* No changes.
## Active Storage
* No changes.
## Action Mailbox
* No changes.
## Action Text
* No changes.
## Railties
* No changes.
## Guides
* No changes.
6.1.7.9:
## Active Support
* No changes.
## Active Model
* No changes.
## Active Record
* No changes.
## Action View
* No changes.
## Action Pack
* Avoid regex backtracking in HTTP Token authentication
[CVE-2024-47887]
* Avoid regex backtracking in query parameter filtering
[CVE-2024-41128]
## Active Job
* No changes.
## Action Mailer
* Avoid regex backtracking in `block_format` helper
[CVE-2024-47889]
## Action Cable
* No changes.
## Active Storage
* No changes.
## Action Mailbox
* No changes.
## Action Text
* Avoid backtracking in plain_text_for_blockquote_node
[CVE-2024-47888]
## Railties
* No changes.
## Guides
* No changes.
-------------------------------------------------------------------
Fri Jun 21 10:28:45 UTC 2024 - Dan Čermák <dan.cermak@posteo.net>
- 6.1.7.8:
## Active Support
* No changes.
## Active Model
* No changes.
## Active Record
* No changes.
## Action View
* No changes.
## Action Pack
* Include the HTTP Permissions-Policy on non-HTML Content-Types
[CVE-2024-28103]
## Active Job
* No changes.
## Action Mailer
* No changes.
## Action Cable
* No changes.
## Active Storage
* No changes.
## Action Mailbox
* No changes.
## Action Text
* No changes.
## Railties
* No changes.
6.1.7.7:
## Active Support
* No changes.
## Active Model
* No changes.
## Active Record
* No changes.
## Action View
* No changes.
## Action Pack
* No changes.
## Active Job
* No changes.
## Action Mailer
* No changes.
## Action Cable
* No changes.
## Active Storage
* Disables the session in `ActiveStorage::Blobs::ProxyController`
and `ActiveStorage::Representations::ProxyController`
in order to allow caching by default in some CDNs such as CloudFlare
Fixes #44136
*Bruno Prieto*
## Action Mailbox
* No changes.
## Action Text
* No changes.
## Railties
* No changes.
-------------------------------------------------------------------
Tue Nov 14 15:27:17 UTC 2023 - Dan Čermák <dan.cermak@posteo.net>
- 6.1.7.6:
No changes between this and 6.1.7.5. This release was just to fix file permissions in the previous release.
6.1.7.5:
## Active Support
* Use a temporary file for storing unencrypted files while editing
[CVE-2023-38037]
## Active Model
* No changes.
## Active Record
* No changes.
## Action View
* No changes.
## Action Pack
* No changes.
## Active Job
* No changes.
## Action Mailer
* No changes.
## Action Cable
* No changes.
## Active Storage
* No changes.
## Action Mailbox
* No changes.
## Action Text
* No changes.
## Railties
* No changes.
6.1.7.4:
## Active Support
* No changes.
## Active Model
* No changes.
## Active Record
* No changes.
## Action View
* No changes.
## Action Pack
* Raise an exception if illegal characters are provided to redirect_to
[CVE-2023-28362]
*Zack Deveau*
## Active Job
* No changes.
## Action Mailer
* No changes.
## Action Cable
* No changes.
## Active Storage
* No changes.
## Action Mailbox
* No changes.
## Action Text
* No changes.
## Railties
* No changes.
6.1.7.3:
## Active Support
* Implement SafeBuffer#bytesplice
[CVE-2023-28120]
## Active Model
* No changes.
## Active Record
* No changes.
## Action View
* Ignore certain data-* attributes in rails-ujs when element is contenteditable
[CVE-2023-23913]
## Action Pack
* No changes.
## Active Job
* No changes.
## Action Mailer
* No changes.
## Action Cable
* No changes.
## Active Storage
* No changes.
## Action Mailbox
* No changes.
## Action Text
* No changes.
## Railties
* No changes.
6.1.7.2:
## Active Support
* No changes.
## Active Model
* No changes.
## Active Record
* No changes.
## Action View
* No changes.
## Action Pack
* Fix `domain: :all` for two letter TLD
This fixes a compatibility issue introduced in our previous security
release when using `domain: :all` with a two letter but single level top
level domain (like `.ca`, rather than `.co.uk`).
## Active Job
* No changes.
## Action Mailer
* No changes.
## Action Cable
* No changes.
## Active Storage
* No changes.
## Action Mailbox
* No changes.
## Action Text
* No changes.
## Railties
* No changes.
6.1.7.1:
## Active Support
* Avoid regex backtracking in Inflector.underscore
[CVE-2023-22796]
## Active Model
* No changes.
## Active Record
* Make sanitize_as_sql_comment more strict
Though this method was likely never meant to take user input, it was
attempting sanitization. That sanitization could be bypassed with
carefully crafted input.
This commit makes the sanitization more robust by replacing any
occurrences of "/*" or "*/" with "/ *" or "* /". It also performs a
first pass to remove one surrounding comment to avoid compatibility
issues for users relying on the existing removal.
This also clarifies in the documentation of annotate that it should not
be provided user input.
[CVE-2023-22794]
* Added integer width check to PostgreSQL::Quoting
Given a value outside the range for a 64bit signed integer type
PostgreSQL will treat the column type as numeric. Comparing
integer values against numeric values can result in a slow
sequential scan.
This behavior is configurable via
ActiveRecord::Base.raise_int_wider_than_64bit which defaults to true.
[CVE-2022-44566]
## Action View
* No changes.
## Action Pack
* Avoid regex backtracking on If-None-Match header
[CVE-2023-22795]
* Use string#split instead of regex for domain parts
[CVE-2023-22792]
## Active Job
* No changes.
## Action Mailer
* No changes.
## Action Cable
* No changes.
## Active Storage
* No changes.
## Action Mailbox
* No changes.
## Action Text
* No changes.
## Railties
* No changes.
-------------------------------------------------------------------
Mon Oct 10 13:16:12 UTC 2022 - Stephan Kulow <coolo@suse.com>
updated to version 6.1.7
no changelog found
-------------------------------------------------------------------
Thu Aug 4 13:24:34 UTC 2022 - Stephan Kulow <coolo@suse.com>
updated to version 6.1.6.1
no changelog found
-------------------------------------------------------------------
Thu Apr 28 05:42:58 UTC 2022 - Stephan Kulow <coolo@suse.com>
updated to version 6.1.5.1
no changelog found
-------------------------------------------------------------------
Tue Feb 15 07:35:45 UTC 2022 - Stephan Kulow <coolo@suse.com>
updated to version 6.1.4.6
no changelog found
-------------------------------------------------------------------
Tue Jan 25 07:22:21 UTC 2022 - Stephan Kulow <coolo@suse.com>
updated to version 6.1.4.4
no changelog found
-------------------------------------------------------------------
Wed Aug 25 04:55:37 UTC 2021 - Manuel Schnitzer <mschnitzer@suse.com>
- updated to version 6.1.4.1
Release notes:
https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released/
-------------------------------------------------------------------
Fri Jul 9 12:17:44 UTC 2021 - Manuel Schnitzer <mschnitzer@suse.com>
- updated to version 6.1.4
Release notes:
* https://weblog.rubyonrails.org/2021/6/24/Rails-6-1-4-has-been-released/
-------------------------------------------------------------------
Fri May 14 15:50:24 UTC 2021 - Manuel Schnitzer <mschnitzer@suse.com>
- updated to version 6.1.3.2
Release notes:
* https://weblog.rubyonrails.org/2021/5/5/Rails-versions-6-1-3-2-6-0-3-7-5-2-4-6-and-5-2-6-have-been-released/
-------------------------------------------------------------------
Tue Apr 20 15:28:53 UTC 2021 - Manuel Schnitzer <mschnitzer@suse.com>
- updated to version 6.1.3.1
* no changes - find the changes in Rails's framework dependencies
-------------------------------------------------------------------
Mon Mar 15 04:06:32 UTC 2021 - Manuel Schnitzer <mschnitzer@suse.com>
- updated to version 6.1.3
* no changes - find the changes in Rails's framework dependencies
-------------------------------------------------------------------
Mon Feb 15 12:40:51 UTC 2021 - Manuel Schnitzer <mschnitzer@suse.com>
- updated to version 6.1.2.1
* no changes - find the changes in Rails's framework dependencies
-------------------------------------------------------------------
Wed Jan 20 07:15:28 UTC 2021 - Manuel Schnitzer <mschnitzer@suse.com>
- updated to version 6.1.1
* no changes - find the changes in Rails's framework dependencies
-------------------------------------------------------------------
Fri Dec 11 02:21:07 UTC 2020 - Manuel Schnitzer <mschnitzer@suse.com>
- removed build flags for Ruby 2.6 and 2.7 only
We need to have Ruby 2.5 binaries as well.
- removed disable_docs gem2rpm option (not available)
-------------------------------------------------------------------
Wed Dec 9 23:53:34 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>
- update to version 6.1.0:
https://weblog.rubyonrails.org/2020/12/9/Rails-6-1-0-release/
-------------------------------------------------------------------
Mon Nov 2 23:24:40 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>
- initial package