File rubygem-actionpack-2_0.changes of Package rubygem-actionpack-2_0
-------------------------------------------------------------------
Fri Nov 28 19:05:41 CET 2008 - mrueckert@suse.de
- update to version 2.0.5
* Sanitize the URLs passed to redirect_to to prevent a potential
response splitting attack [koz]
-------------------------------------------------------------------
Fri Sep 19 15:45:41 CEST 2008 - mrueckert@suse.de
- update to version 2.0.4
* Avoid remote_ip spoofing. [Brian Candler]
* Correct inconsistencies in RequestForgeryProtection docs.
#11032 [mislav]
* Make assert_routing aware of the HTTP method used. #8039
[mpalmer]
e.g. assert_routing({ :method => 'put', :path => '/product/321' },
{ :controller => "product", :action => "update", :id => "321" })
* Remove ERB trim variables from trace template in case
ActionView::Base.erb_trim_mode is changed in the application.
#10098 [tpope, kampers]
* Fix typo in form_helper documentation.
#10650 [xaviershay, kampers]
* Fix bug with setting Request#format= after the getter has
cached the value. #10889 [cch1]
* Add label_tag helper for generating elements. #10802 [DefV]
* TestSession supports indifferent access.
#7372 [tamc, Arsen7, mhackett, julik, jean.helou]
* UrlWriter respects relative_url_root. #10748 [Cheah Chu Yeow]
* Support render :text => nil.
#6684 [tjennings, PotatoSalad, Cheah Chu Yeow]
* assert_response failures include the exception message.
#10688 [Seth Rasmussen]
* Fixed rendering of partials with layout when done from site layout
#9209 [antramm]
* Fix atom_feed_helper to comply with the atom spec.
Closes #10672 [xaviershay]
* The tags created do not contain a date
(http://feedvalidator.org/docs/error/InvalidTAG.html)
* IDs are not guaranteed unique
* A default self link was not provided, contrary to the
documentation
* NOTE: This changes tags for existing atom entries,
but at least they validate now.
* Correct indentation in tests. Closes #10671 [l.guidi]
* Fix that auto_link looks for ='s in url paths (Amazon urls
have them). Closes #10640 [bgreenlee]
* Ensure that test case setup is run even if overridden.
#10382 [Josh Peek]
* Fix HTML Sanitizer to allow trailing spaces in CSS style
attributes. Closes #10566 [wesley.moxam]
* Add :default option to time_zone_select. #10590 [Matt Aimonetti]
-------------------------------------------------------------------
Wed Feb 20 23:17:54 CET 2008 - mrueckert@suse.de
- do not obsolete the old name as it leads to trouble on upgrade.
this will be handled by the wrapper package.
-------------------------------------------------------------------
Thu Jan 17 15:43:46 CET 2008 - mrueckert@suse.de
- update to version 1.13.6
* Correct Broken Fix for session_fixation attacks
* Ensure that cookies handle array values correctly.
Closes #9937 [queso]
- branch new package rubygem-actionpack-1_13 to allow parallel
installation of multiple major branches
- removed rubygem-actionpack-1.13.x_session_fixation_attack.patch
included in update
-------------------------------------------------------------------
Fri Nov 23 00:33:20 CET 2007 - mrueckert@suse.de
- updated rubygem-actionpack-1.13.x_session_fixation_attack.patch
new name rubygem-actionpack-1.13.x_session_fixation_attack_v2.patch:
The original upstream patch only worked for the first request.
Do not delete the cookie_only option from the session options.
(#332441) (CVE-2007-6077)
-------------------------------------------------------------------
Wed Oct 17 16:48:01 CEST 2007 - mrueckert@suse.de
- added rubygem-actionpack-1.13.x_session_fixation_attack.patch:
Reject session information from the query string (#332441)
(CVE-2007-5380)
-------------------------------------------------------------------
Wed Oct 17 17:52:39 CEST 2007 - mrueckert@suse.de
- update to version 1.13.5
* Backport: allow array and hash query parameters. Array route
parameters are converted/to/a/path as before.
#6765, #7047, #7462
[bgipsy, Jeremy McAnally, Dan Kubb, brendan, Diego Algorta Casamayou]
* Fix in place editor's setter action with non-string fields.
#7418 [Andreas]
- additional changes from version 1.13.4
* Only accept session ids from cookies, prevents session fixation
attacks. [bradediger] (CVE-2007-5380) (bnc #332441)
* Change the resource separator from ; to / and change the generated
routes to use the new-style named routes. e.g.
new_group_user_path(@group) instead of
group_new_user_path(@group). [pixeltrix]
* Integration tests: introduce methods for other HTTP methods.
#6353 [caboose]
* Improve performance of action caching. Closes #8231 [skaes]
* Fix errors with around_filters which do not yield, restore 1.1
behaviour with after filters. Closes #8891 [skaes]
After filters will *no longer* be run if an around_filter fails
to yield, users relying on this behaviour are advised to put
the code in question after a yield statement in an around
filter.
* Allow you to delete cookies with options.
Closes #3685 [josh, Chris Wanstrath]
* Deprecate pagination. Install the classic_pagination
plugin for forward compatibility, or move to the superior
will_paginate plugin. #8157 [Mislav Marohnic]
* Fix filtered parameter logging with nil parameter values.
#8422 [choonkeat]
* Integration tests: alias xhr to xml_http_request and add a
request_method argument instead of always using POST.
#7124 [Nik Wakelin, Francois Beausoleil, Wizard]
* Document caches_action. #5419 [Jarkko Laine]
* observe_form always sends the serialized form.
#5271 [manfred, normelton@gmail.com]
* Update UrlWriter to accept :anchor parameter.
Closes #6771. [octopod]
* Replace the current block/continuation filter chain handling by
an implementation based on a simple loop.
Closes #8226 [Stefan Kaes]
* Return the string representation from an Xml Builder when
rendering a partial. #5044 [tpope]
* Cleaned up, corrected, and mildly expanded ActionPack
documentation. Closes #7190 [jeremymcanally]
* Small collection of ActionController documentation cleanups.
Closes #7319 [jeremymcanally]
* Performance: patch cgi/session/pstore to require digest/md5
once rather than per #initialize. #7583 [Stefan Kaes]
* Deprecation: verification with :redirect_to => :named_route
shouldn't be deprecated. #7525 [Justin French]
-------------------------------------------------------------------
Mon May 14 16:32:28 CEST 2007 - mrueckert@suse.de
- update to version 1.13.3:
* Fix a bug in Routing where a parameter taken from the path of
the current request could not be used as a query parameter for
the next. #6752 [Nicholas Seckar]
* session_enabled? works with session :off. #6680 [Catfish]
* Performance: patch cgi/session to require digest/md5 once
rather than per #create_new_id. [Stefan Kaes]
- additional changes from 1.13.2:
* Add much-needed html-scanner tests. Fixed CDATA parsing bug.
[Rick]
* improve error message for Routing for named routes.
[Rob Sanheim]
* Added enhanced docs to routing assertions. [Rob Sanheim]
* fix form_for example in ActionController::Resources
documentation. [gnarg]
* Add singleton resources from trunk [Rick Olson]
* select :multiple => true suffixes the attribute name with []
unless already suffixed. #6977 [nik.kakelin, ben, julik]
* Improve routes documentation. #7095 [zackchandler]
* Resource member routes require :id, eliminating the ambiguous
overlap with collection routes. #7229 [dkubb]
* Fixed NumberHelper#number_with_delimiter to use "." always
for splitting the original number, not the delimiter
parameter #7389 [ceefour]
* Autolinking recognizes trailing and embedded . , : ;
#7354 [Jarkko Laine]
* Make TextHelper::auto_link recognize URLs with colons in
path correctly, fixes #7268. [imajes]
* Improved auto_link to match more valid urls correctly
[Tobias Luetke]
-------------------------------------------------------------------
Wed Jan 24 00:57:59 CET 2007 - mrueckert@suse.de
- update to version 1.13.1:
update for rails 1.2.1. Too many changes to mention them here.
see /usr/lib*/ruby/gems/1.8/gems/actionpack-1.13.1/CHANGELOG
-------------------------------------------------------------------
Fri Aug 11 02:33:25 CEST 2006 - mrueckert@suse.de
- update to version 1.12.5:
* update for the previous security fix
-------------------------------------------------------------------
Thu Aug 10 12:40:16 CEST 2006 - mrueckert@suse.de
- update to version 1.12.4:
* Documentation fix: integration test scripts don't require
integration_test. (rails:#4914) [Frederick Ros <sl33p3r@free.fr>]
* ActionController::Base Summary documentation rewrite.
(rails:#4900) [kevin.clark@gmail.com]
* Fix text_helper.rb documentation rendering.
(rails:#4725) [Frederick Ros]
* Fixes bad rendering of JavaScriptMacrosHelper rdoc.
(rails:#4910) [Frederick Ros]
* Enhance documentation for setting headers in integration tests.
Skip auto HTTP prepending when it's already there.
(rails:#4079) [Rick Olson]
* Documentation for AbstractRequest.
(rails:#4895) [kevin.clark@gmail.com]
* Remove all remaining references to @params in the documentation.
[Marcel Molina Jr.]
* Add documentation for redirect_to :back's RedirectBackError
exception. [Marcel Molina Jr.]
* Update layout and content_for documentation to use yield rather
than magic @content_for instance variables. [Marcel Molina Jr.]
* Cache CgiRequest#request_parameters so that multiple calls
don't re-parse multipart data. [Rick]
* Fixed that remote_form_for can leave out the object parameter
and default to the instance variable of the object_name,
just like form_for [DHH]
* Added ActionController.filter_parameter_logging that makes it
easy to remove passwords, credit card numbers, and other
sensitive information from being logged when a request is
handled. (rails:#1897) [jeremye@bsa.ca.gov]
* Fixed that real files and symlinks should be treated the same
when compiling templates.
(rails:#5438) [zachary@panandscan.com]
* Add :status option to send_data and send_file. Defaults to
'200 OK'. (rails:#5243)
[Manfred Stienstra <m.stienstra@fngtps.com>]
* Update documentation for erb trim syntax.
(rails:#5651) [matt@mattmargolis.net]
* Short documentation to mention use of Mime::Type.register.
(rails:#5710) [choonkeat@gmail.com]
-------------------------------------------------------------------
Sat Jul 1 04:21:38 CEST 2006 - mrueckert@suse.de
- update to version 1.12.3:
* Fix broken traverse_to_controller. We now:
Look for a _controller.rb file under RAILS_ROOT to load.
If we find it, we require_dependency it and return the
controller it defined. (If none was defined we stop looking.)
If we don't find it, we look for a .rb file under RAILS_ROOT
to load. If we find it, and it loads a constant we keep
looking. Otherwise we check to see if a directory of the same
name exists, and if it does we create a module for it.
* Refinement to avoid exceptions in traverse_to_controller.
* (Hackish) Fix loading of arbitrary files in Ruby's load path
by traverse_to_controller. [Nicholas Seckar]
-------------------------------------------------------------------
Wed Jun 21 01:06:03 CEST 2006 - mrueckert@suse.de
- use rubygems_with_buildroot_patch instead of the versioned
buildrequires
-------------------------------------------------------------------
Mon Jun 19 18:37:41 CEST 2006 - mrueckert@suse.de
- Initial package version 1.12.1