Overview

File rubygem-activerecord-2_3.changes of Package rubygem-activerecord-2_3.1540

-------------------------------------------------------------------
Tue Apr  2 11:51:26 UTC 2013 - jmassaguerpla@suse.com

- add patch to fix security issue:
  - bug-809932_2-3-attribute_symbols.patch:
    fix CVE-2013-1854: rubygem-activerecord*: Symbol DoS vulnerability
    in Active Record (bnc#809932)

-------------------------------------------------------------------
Wed Feb 13 23:26:12 UTC 2013 - mrueckert@suse.de

- update to version 2.3.17 (bnc#803336, bnc#803339)
  CVE-2013-0276 CVE-2013-0277:
  - Fix issue with attr_protected where malformed input could
    circumvent protection
  - Fix Serialized Attributes YAML Vulnerability

-------------------------------------------------------------------
Wed Jan 30 16:24:46 UTC 2013 - mrueckert@suse.de

- update to 2.3.16 (bnc#800320) CVE-2013-0333
  - Fix for CVE-2013-0155
- obsoletes 2-3-null_array_param.patch

-------------------------------------------------------------------
Thu Jan 17 11:46:46 UTC 2013 - mrueckert@suse.de

- update to 2.3.15: (bnc#796712, bnc#797449, bnc#797452)
  - CVE-2012-5664 options hashes should only be extracted if
    there are extra parameters
  - CVE-2012-2695 Fix SQL injection via nested hashes in conditions
- dropped 2-3-sql-injection.patch:
  included upstream
- added 2-3-null_array_param.patch: 
  Patch for CVE-2013-0155.

-------------------------------------------------------------------
Wed Jul 18 15:13:34 UTC 2012 - mrueckert@suse.de

- added 2-3-sql-injection.patch (CVE-2012-2695) (bnc#766792)

-------------------------------------------------------------------
Wed Aug 17 11:53:14 UTC 2011 - mrueckert@suse.de

- update to version 2.3.14
  - potential SQL injection with quote_table_name (bnc#712062)

-------------------------------------------------------------------
Mon Jun 20 17:07:28 UTC 2011 - mrueckert@suse.de

- update to version 2.3.12
  * Version Bump

-------------------------------------------------------------------
Wed Feb 16 11:11:50 UTC 2011 - mrueckert@suse.de

- update to version 2.3.11: (bnc#668817)
  - XSS Risk in mail_to :encode=>:javascript CVE-2011-0446
  - CSRF Bypass Risk CVE-2011-0447
  - Filter Problems on Case Insensitive Filesystems CVE-2011-0449
  - Potential SQL Injection with limit() CVE-2011-0448

-------------------------------------------------------------------
Mon Jan 17 13:34:57 UTC 2011 - mvidner@suse.cz

- Split off doc and testsuite subpackages. 

-------------------------------------------------------------------
Wed Oct 27 11:40:21 UTC 2010 - mrueckert@suse.de

- update to version 2.3.10
  * Security Release to fix CVE-2010-3933

-------------------------------------------------------------------
Sun Sep  5 11:10:08 UTC 2010 - mrueckert@suse.de

- update to version 2.3.9
  * Version bump.

-------------------------------------------------------------------
Tue May 25 16:11:20 UTC 2010 - mrueckert@suse.de

- use rubygems_requires macro

-------------------------------------------------------------------
Tue May 25 15:19:40 UTC 2010 - mrueckert@suse.de

- update to version 2.3.8
  * Version bump.
- additional changes from version 2.3.7
  * Version bump.
- additional changes from version 2.3.6
  * Add index length support for MySQL.
    #1852 [Emili Parreno, Pratik Naik]
  * find_or_create_by_attr(value, ...) works when attr is
    protected.  #4457 [Santiago Pastorino, Marc-André Lafortune]
  * JSON supports a custom root option: to_json(:root => 'custom')
    #4515 [Jatinder Singh]
  * Destroy uses optimistic locking. If lock_version on the record
    you're destroying doesn't match lock_version in the database, a
    StaleObjectError is raised.  #1966 [Curtis Hawthorne]
  * To prefix the table names of all models in a module, define
    self.table_name_prefix on the module.  #4032 [Andrew White]
  * Association inverses for belongs_to, has_one, and has_many.
    Optimization to reduce database queries.  #3533 [Murray Steele]
  * MySQL: add_ and change_column support positioning.
    #3286 [Ben Marini]
  * Reset your Active Record counter caches with the
    reset_counter_cache class method.
    #1211 [Mike Breen, Gabe da Silveira]

-------------------------------------------------------------------
Tue Dec  1 16:27:49 UTC 2009 - chris@computersalat.de

- update to version 2.3.5
  * Minor Bug Fixes and deprecation warnings
  * 1.9 Compatibility
  * Numerous fixes to the nested attributes functionality

-------------------------------------------------------------------
Thu Sep 10 12:03:16 UTC 2009 - adrian@suse.de

- update to version 2.3.4
  * PostgreSQL: XML datatype support.  #1874 [Leonardo Borges]
  * SQLite: deprecate the 'dbfile' option in favor of 'database.'
    #2363 [Paul Hinze, Jeremy Kemper]

-------------------------------------------------------------------
Mon Mar 16 20:38:16 CET 2009 - mrueckert@suse.de

- starting package for the rails 2.3 series

-------------------------------------------------------------------
openSUSE Build Service is sponsored by
Places