File rubygem-actionview-5.2.changes of Package rubygem-actionview-5.2
-------------------------------------------------------------------
Thu Aug 4 12:50:37 UTC 2022 - Stephan Kulow <coolo@suse.com>
updated to version 5.2.8.1
see installed CHANGELOG.md
## Rails 5.2.8.1 (July 12, 2022) ##
* No changes.
## Rails 5.2.8 (May 09, 2022) ##
* No changes.
-------------------------------------------------------------------
Thu Apr 28 05:10:01 UTC 2022 - Stephan Kulow <coolo@suse.com>
updated to version 5.2.7.1
see installed CHANGELOG.md
## Rails 5.2.7.1 (April 26, 2022) ##
* Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
Escape dangerous characters in names of tags and names of attributes in the
tag helpers, following the XML specification. Rename the option
`:escape_attributes` to `:escape`, to simplify by applying the option to the
whole tag.
*Álvaro Martín Fraguas*
## Rails 5.2.7 (March 10, 2022) ##
* No changes.
## Rails 5.2.6.3 (March 08, 2022) ##
* No changes.
-------------------------------------------------------------------
Tue Feb 15 07:08:16 UTC 2022 - Stephan Kulow <coolo@suse.com>
updated to version 5.2.6.2
see installed CHANGELOG.md
## Rails 5.2.6.2 (February 11, 2022) ##
* No changes.
## Rails 5.2.6.1 (February 11, 2022) ##
* No changes.
-------------------------------------------------------------------
Thu Jun 24 16:48:49 UTC 2021 - Stephan Kulow <coolo@suse.com>
updated to version 5.2.6
see installed CHANGELOG.md
## Rails 5.2.6 (May 05, 2021) ##
* No changes.
## Rails 5.2.5 (March 26, 2021) ##
* No changes.
## Rails 5.2.4.6 (May 05, 2021) ##
* No changes.
## Rails 5.2.4.5 (February 10, 2021) ##
* No changes.
-------------------------------------------------------------------
Fri Sep 25 13:20:13 UTC 2020 - Stephan Kulow <coolo@suse.com>
updated to version 5.2.4.4
see installed CHANGELOG.md
## Rails 5.2.4.4 (September 09, 2020) ##
* [CVE-2020-15169] Fix potential XSS vulnerability in the `translate`/`t` helper
*Jonathan Hefner*
## Rails 5.2.4.3 (May 18, 2020) ##
* [CVE-2020-8167] Check that request is same-origin prior to including CSRF token in XHRs
-------------------------------------------------------------------
Thu May 7 19:59:22 UTC 2020 - Stephan Kulow <coolo@suse.com>
- updated to version 5.2.4.2
see installed CHANGELOG.md
-------------------------------------------------------------------
Fri Dec 20 15:12:54 UTC 2019 - Marcus Rueckert <mrueckert@suse.de>
- update to version 5.2.4.1 (CVE-2019-16782):
https://weblog.rubyonrails.org/2019/12/18/Rails-5-2-4-1-has-been-released/
-------------------------------------------------------------------
Thu Nov 28 12:53:13 UTC 2019 - Manuel Schnitzer <mschnitzer@suse.com>
- updated to version 5.2.4
* Allow programmatic click events to trigger Rails UJS click handlers.
Programmatic click events (eg. ones generated by `Rails.fire(link, "click")`) don't specify a button. These events were being incorrectly stopped by code meant to ignore scroll wheel and right clicks introduced in #34573.
*Sudara Williams*
-------------------------------------------------------------------
Fri Mar 29 05:50:48 UTC 2019 - Stephan Kulow <coolo@suse.com>
- updated to version 5.2.3
see installed CHANGELOG.md
## Rails 5.2.3 (March 27, 2019) ##
* Prevent non-primary mouse keys from triggering Rails UJS click handlers.
Firefox fires click events even if the click was triggered by non-primary mouse keys such as right- or scroll-wheel-clicks.
For example, right-clicking a link such as the one described below (with an underlying ajax request registered on click) should not cause that request to occur.
```
<%= link_to 'Remote', remote_path, class: 'remote', remote: true, data: { type: :json } %>
```
Fixes #34541
*Wolfgang Hobmaier*
-------------------------------------------------------------------
Thu Mar 14 03:44:25 UTC 2019 - Marcus Rueckert <mrueckert@suse.de>
- update to version 5.2.2.1:
https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
CVE-2019-5418 CVE-2019-5419 CVE-2019-5420
-------------------------------------------------------------------
Sat Jan 19 19:50:57 UTC 2019 - Marcus Rueckert <mrueckert@suse.de>
- rb_build_ruby_abi needs to be rb_build_ruby_abis
-------------------------------------------------------------------
Fri Jan 18 16:24:34 UTC 2019 - Marcus Rueckert <mrueckert@suse.de>
- limit to ruby 2.5 and above for 42.3/sle12
-------------------------------------------------------------------
Sat Dec 8 16:13:27 UTC 2018 - Stephan Kulow <coolo@suse.com>
- updated to version 5.2.2
see installed CHANGELOG.md
## Rails 5.2.2 (December 04, 2018) ##
* No changes.
-------------------------------------------------------------------
Mon Dec 3 06:19:24 UTC 2018 - mschnitzer@suse.com
- updated to version 5.2.1.1 (boo#1118076)
* No changes / Just a version bump to match with Rails 5.2.1.1
-------------------------------------------------------------------
Wed Aug 8 14:47:22 UTC 2018 - mschnitzer@suse.com
- updated to version 5.2.1 (boo#1104209)
* Fix leak of `skip_default_ids` and `allow_method_names_outside_object` options
to HTML attributes.
(Yurii Cherniavskyi)
* Fix issue with `button_to`'s `to_form_params`
`button_to` was throwing exception when invoked with `params` hash that
contains symbol and string keys. The reason for the exception was that
`to_form_params` was comparing the given symbol and string keys.
The issue is fixed by turning all keys to strings inside
`to_form_params` before comparing them.
(Georgi Georgiev)
* Fix JavaScript views rendering does not work with Firefox when using
Content Security Policy.
Fixes #32577.
(Yuji Yaginuma)
* Add the `nonce: true` option for `javascript_include_tag` helper to
support automatic nonce generation for Content Security Policy.
Works the same way as `javascript_tag nonce: true` does.
(Yaroslav Markin)
-------------------------------------------------------------------
Mon Apr 16 12:12:02 UTC 2018 - mschnitzer@suse.com
- initialize package
see changelog: https://github.com/rails/rails/blob/v5.2.0/actionview/CHANGELOG.md
