File rubygem-actionpack-5.2.changes of Package rubygem-actionpack-5.2
-------------------------------------------------------------------
Sun May 14 01:29:59 UTC 2023 - Marcus Rueckert <mrueckert@suse.de>

- cleanup ruby version restrictions

-------------------------------------------------------------------
Wed Jul 13 11:04:14 UTC 2022 - Marcus Rueckert <mrueckert@suse.de>

- Update to version 5.2.8.1: (boo#1201465 CVE-2022-32224)
  https://rubyonrails.org/2022/7/12/Rails-Versions-7-0-3-1-6-1-6-1-6-0-5-1-and-5-2-8-1-have-been-released

-------------------------------------------------------------------
Mon Mar 14 19:13:33 UTC 2022 - Daniel Molkentin <daniel@molkentin.de>

- Update to version 5.2.6.3:
  https://rubyonrails.org/2022/3/8/Rails-7-0-2-3-6-1-4-7-6-0-4-7-and-5-2-6-3-have-been-released
  https://discuss.rubyonrails.org/t/cve-2022-21831-possible-code-injection-vulnerability-in-rails-active-storage/80199

-------------------------------------------------------------------
Sat Feb 12 16:03:16 UTC 2022 - Marcus Rueckert <mrueckert@suse.de>

- Update to version 5.2.6.2:
  https://rubyonrails.org/2022/2/11/Rails-7-0-2-2-6-1-4-6-6-0-4-6-and-5-2-6-2-have-been-released
  https://github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9
  https://discuss.rubyonrails.org/t/cve-2022-23633-possible-exposure-of-information-vulnerability-in-action-pack/80016

-------------------------------------------------------------------
Thu Jun 24 16:48:01 UTC 2021 - Stephan Kulow <coolo@suse.com>

updated to version 5.2.6
 see installed CHANGELOG.md

  ## Rails 5.2.6 (May 05, 2021) ##

  * Accept base64_urlsafe CSRF tokens to make forward compatible.

    Base64 strict-encoded CSRF tokens are not inherently websafe, which makes
    them difficult to deal with. For example, the common practice of sending
    the CSRF token to a browser in a client-readable cookie does not work
    properly out of the box: the value has to be url-encoded and decoded to
    survive transport.

    In this version, we generate Base64 urlsafe-encoded CSRF tokens, which are
    inherently safe to transport. Validation accepts both urlsafe tokens, and
    strict-encoded tokens for backwards compatibility.

    How the tokens are encoded is controlled by the
    `action_controller.urlsafe_csrf_tokens` config.

    In Rails 5.2.5, the CSRF token format was accidentally changed to
    urlsafe-encoded.

    **Attention**: If you already upgraded your application to 5.2.5, set the
    config `urlsafe_csrf_tokens` to `true`, otherwise your form submission
    will start to fail during the deploy of this new version.

    ```ruby
    Rails.application.config.action_controller.urlsafe_csrf_tokens = true
    ```

    If you are upgrading from 5.2.4.x, you don't need to change this
    configuration.

    *Scott Blum*, *Étienne Barrié*

  ## Rails 5.2.5 (March 26, 2021) ##

  * No changes.

  ## Rails 5.2.4.6 (May 05, 2021) ##

  * Prevent regex DoS in HTTP token authentication

    CVE-2021-22904

  * Prevent string polymorphic route arguments.

    `url_for` supports building polymorphic URLs via an array of arguments
    (usually symbols and records). If a developer passes a user input array,
    strings can result in unwanted route helper calls.

    CVE-2021-22885

    *Gannon McGibbon*

  ## Rails 5.2.4.5 (February 10, 2021) ##

  * No changes.

-------------------------------------------------------------------
Fri Sep 25 13:19:36 UTC 2020 - Stephan Kulow <coolo@suse.com>

updated to version 5.2.4.4
 see installed CHANGELOG.md

  ## Rails 5.2.4.4 (September 09, 2020) ##

  * No changes.

  ## Rails 5.2.4.3 (May 18, 2020) ##

  * [CVE-2020-8166] HMAC raw CSRF token before masking it, so it cannot be
    used to reconstruct a per-form token

  * [CVE-2020-8164] Return self when calling #each, #each_pair, and
    #each_value instead of the raw @parameters hash

-------------------------------------------------------------------
Thu May  7 19:58:11 UTC 2020 - Stephan Kulow <coolo@suse.com>

- updated to version 5.2.4.2
  see installed CHANGELOG.md

-------------------------------------------------------------------
Fri Dec 20 15:12:50 UTC 2019 - Marcus Rueckert <mrueckert@suse.de>

- update to version 5.2.4.1 (CVE-2019-16782):
  https://weblog.rubyonrails.org/2019/12/18/Rails-5-2-4-1-has-been-released/

-------------------------------------------------------------------
Thu Nov 28 12:52:16 UTC 2019 - Manuel Schnitzer <mschnitzer@suse.com>

- updated to version 5.2.4

  * no changes

-------------------------------------------------------------------
Fri Mar 29 05:49:58 UTC 2019 - Stephan Kulow <coolo@suse.com>

- updated to version 5.2.3
  see installed CHANGELOG.md

  ## Rails 5.2.3 (March 27, 2019) ##

  * Allow combining the Cache Control `public` and `no-cache` headers.

    Before this change, even if `public` was specified for the Cache Control
    header, it was excluded when `no-cache` was included. This fix keeps the
    `public` header as is.

    Fixes #34780.

    *Yuji Yaginuma*

  * Allow `nil` params for `ActionController::TestCase`.

    *Ryo Nakamura*

-------------------------------------------------------------------
Thu Mar 14 03:44:21 UTC 2019 - Marcus Rueckert <mrueckert@suse.de>

- update to version 5.2.2.1:
  https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
  CVE-2019-5418 CVE-2019-5419 CVE-2019-5420

-------------------------------------------------------------------
Sat Jan 19 19:50:56 UTC 2019 - Marcus Rueckert <mrueckert@suse.de>

- rb_build_ruby_abi needs to be rb_build_ruby_abis

-------------------------------------------------------------------
Fri Jan 18 16:24:32 UTC 2019 - Marcus Rueckert <mrueckert@suse.de>

- limit to ruby 2.5 and above for 42.3/sle12

-------------------------------------------------------------------
Sat Dec  8 16:12:29 UTC 2018 - Stephan Kulow <coolo@suse.com>

- updated to version 5.2.2
  see installed CHANGELOG.md

  ## Rails 5.2.2 (December 04, 2018) ##

  * Reset Capybara sessions if failed system test screenshot raising an
    exception.

    Reset Capybara sessions if `take_failed_screenshot` raises an exception
    in system test `after_teardown`.

    *Maxim Perepelitsa*

  * Use request object for context if there's no controller

    There is no controller instance when using a redirect route or a
    mounted rack application so pass the request object as the context
    when resolving dynamic CSP sources in this scenario.

    Fixes #34200.

    *Andrew White*

  * Apply mapping to symbols returned from dynamic CSP sources

    Previously if a dynamic source returned a symbol such as :self it
    would be converted to a string implicitly, e.g:

        policy.default_src -> { :self }

    would generate the header:

        Content-Security-Policy: default-src self

    and now it generates:

        Content-Security-Policy: default-src 'self'

    *Andrew White*

  * Fix `rails routes -c` for controller names consisting of multiple words.

    *Yoshiyuki Kinjo*

  * Call the `#redirect_to` block in controller context.

    *Steven Peckins*

-------------------------------------------------------------------
Mon Dec  3 06:18:31 UTC 2018 - mschnitzer@suse.com

- updated to version 5.2.1.1 (boo#1118076)

  * No changes / Just a version bump to match with Rails 5.2.1.1

-------------------------------------------------------------------
Wed Aug  8 14:44:15 UTC 2018 - mschnitzer@suse.com

- updated to version 5.2.1 (boo#1104209)

  * Prevent `?null=` being passed on JSON encoded test requests.

    `RequestEncoder#encode_params` won't attempt to parse params if
    there are none.

    So a call like this will no longer append a `?null=` query param.

        get foos_url, as: :json

    (Alireza Bashiri)

  * Ensure `ActionController::Parameters#transform_values` and
    `ActionController::Parameters#transform_values!` converts hashes into
    parameters.

    (Kevin Sjöberg)

  * Fix strong parameters `permit!` with nested arrays.

    Given:

    ```
    params = ActionController::Parameters.new(nested_arrays: [[{ x: 2, y: 3 }, { x: 21, y: 42 }]])
    params.permit!
    ```

    `params[:nested_arrays][0][0].permitted?` will now return `true`
    instead of `false`.

    (Steve Hull)

  * Reset `RAW_POST_DATA` and `CONTENT_LENGTH` request environment between
    test requests in `ActionController::TestCase` subclasses.

    (Eugene Kenny)

  * Output only one Content-Security-Policy nonce header value per request.

    Fixes #32597.

    (Andrey Novikov, Andrew White)

  * Only disable GPUs for headless Chrome on Windows.

    It is not necessary anymore for Linux and macOS machines.

    https://bugs.chromium.org/p/chromium/issues/detail?id=737678#c1

    (Stefan Wrobel)

  * Fix system tests transactions not closed between examples.

    (Sergey Tarasov)

-------------------------------------------------------------------
Mon Apr 16 12:05:02 UTC 2018 - mschnitzer@suse.com

- initialize package
  see changelog: https://github.com/rails/rails/blob/v5.2.0/actionpack/CHANGELOG.md
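
Added example (not part of this changelog and not Rails' own code): the 5.2.6 entry says strict-encoded CSRF tokens only survive transport when URL-encoded, that urlsafe tokens survive as-is, and that validation accepts both. The Ruby sketch below reproduces this with a constructed 32-byte token; `decode_csrf_token`, `form_decode` and `survives_transport?` are hypothetical names, and the masking/HMAC applied to real tokens is left out.

```ruby
require "base64"
require "uri"

# Constructed 32-byte raw token, chosen so its Base64 form contains '+' and '/'.
RAW_TOKEN = ("\xFB\xFF\xBE" * 10 + "\xFB\xFF").b

STRICT  = Base64.strict_encode64(RAW_TOKEN)   # strict-encoded form
URLSAFE = Base64.urlsafe_encode64(RAW_TOKEN)  # urlsafe-encoded form ('-' and '_')

# Hypothetical validator-side decoder that accepts both encodings.
# Returns the raw bytes, or nil if the value is valid in neither format.
def decode_csrf_token(encoded)
  Base64.strict_decode64(encoded)
rescue ArgumentError
  begin
    Base64.urlsafe_decode64(encoded)
  rescue ArgumentError
    nil
  end
end

# Simulates a receiver that form-decodes the value: '+' becomes a space
# and %XX sequences are unescaped, as happens to query-string values.
def form_decode(value)
  URI.decode_www_form_component(value)
end

# True when the token still decodes to the original bytes after transport.
def survives_transport?(encoded)
  decode_csrf_token(form_decode(encoded)) == RAW_TOKEN
end

if __FILE__ == $PROGRAM_NAME
  puts "strict, sent as-is:       #{survives_transport?(STRICT)}"
  puts "strict, url-encoded:      #{survives_transport?(URI.encode_www_form_component(STRICT))}"
  puts "urlsafe, sent as-is:      #{survives_transport?(URLSAFE)}"
  puts "validator accepts strict: #{decode_csrf_token(STRICT) == RAW_TOKEN}"
end
```
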