File rubygem-actionpack-2_3.changes of Package rubygem-actionpack-2_3
-------------------------------------------------------------------
Tue Dec 10 16:08:05 UTC 2013 - jmassaguerpla@suse.com

- fix CVE-2013-6415: rubygem-actionpack: number_to_currency XSS
  (bnc#853632). File CVE-2013-6415.patch contains the patch.

-------------------------------------------------------------------
Tue Apr 2 11:35:27 UTC 2013 - jmassaguerpla@suse.com

- add 2 patches to fix security issues:
  - bug-809935_2-3-css_sanitize.patch: CVE-2013-1855:
    rubygem-actionpack*: XSS vulnerability in sanitize_css in
    Action Pack (bnc#809935)
  - bug-809940_2-3-sanitize_protocol.patch: CVE-2013-1857:
    rubygem-actionpack*: XSS Vulnerability in the `sanitize` helper
    of Ruby on Rails (bnc#809940)

-------------------------------------------------------------------
Thu Feb 28 09:49:01 UTC 2013 - lijewski.stefan@gmail.com

- update to version 2.3.17 (bnc#803336, bnc#803339)
  CVE-2013-0276 CVE-2013-0277:
  - testsuite updates for the active support single quote change

-------------------------------------------------------------------
Tue Feb 5 12:27:38 UTC 2013 - lijewski.stefan@gmail.com

- update to 2.3.16 (bnc#800320) CVE-2013-0333
  - backporting deep_munge
  - removing [nil] from the params
  - Do not mark strip_tags result as html_safe
  - this obsoletes all our patches:
    2-3-null_array_param.patch
    2-3-null_param.patch
    3-0-strip_tags.patch
- update to 2.3.15: (bnc#796712, bnc#797449, bnc#797452)
  - handle missing 'HTTP_X_FORWARDED_FOR'
  - added test suite for RCE bug

-------------------------------------------------------------------
Fri Sep 7 18:54:19 UTC 2012 - mrueckert@suse.de

- added 3-0-strip_tags.patch: (bnc#775649)
  Do not mark strip_tags result as html_safe
  CVE-2012-3465

-------------------------------------------------------------------
Wed Jul 18 14:57:18 UTC 2012 - mrueckert@suse.de

- added 2 patches to fix security issues:
  2-3-null_param.patch (CVE-2012-2660) (bnc#765097)
  2-3-null_array_param.patch (CVE-2012-2694) (bnc#766791)
- track series file from quilt for easier handling

-------------------------------------------------------------------
Wed Aug 17 12:02:42 UTC 2011 - mrueckert@suse.de

- update to version 2.3.14
  - fix fixing strip tags vulnerability (bnc#712057)
  - fixing response splitting problem (bnc#712058)

-------------------------------------------------------------------
Mon Jun 20 16:27:43 UTC 2011 - mrueckert@suse.de

- update to version 2.3.12
  - don't call destroy on a session if it doesn't respond to destroy
  - fix session timeout handling

-------------------------------------------------------------------
Wed Feb 16 11:09:20 UTC 2011 - mrueckert@suse.de

- update to version 2.3.11: (bnc#668817)
  - XSS Risk in mail_to :encode=>:javascript CVE-2011-0446
  - CSRF Bypass Risk CVE-2011-0447
  - Filter Problems on Case Insensitive Filesystems CVE-2011-0449
  - Potential SQL Injection with limit() CVE-2011-0448

-------------------------------------------------------------------
Mon Jan 17 13:21:21 UTC 2011 - mvidner@suse.cz

- Split off doc and testsuite subpackages.

-------------------------------------------------------------------
Wed Oct 27 11:34:50 UTC 2010 - mrueckert@suse.de

- update to version 2.3.10
  * Version bump.

-------------------------------------------------------------------
Sun Sep 5 11:07:19 UTC 2010 - mrueckert@suse.de

- update to version 2.3.9
  * Version bump.

-------------------------------------------------------------------
Tue May 25 16:08:12 UTC 2010 - mrueckert@suse.de

- use rubygems_requires macro

-------------------------------------------------------------------
Tue May 25 15:07:19 UTC 2010 - mrueckert@suse.de

- update to version 2.3.8
  * HTML safety: fix compatibility *without* the optional rails_xss
    plugin.
- additional changes from version 2.3.7
  * HTML safety: fix compatibility with the optional rails_xss
    plugin. [Nathan Weizenbaum, Santiago Pastorino]
- additional changes from version 2.3.6
  * JSON: set Base.include_root_in_json = true to include a root
    value in the JSON: {"post": {"title": ...}}. Mirrors the Active
    Record option. #2584 [Matthew Moore, Joe Martinez, Elad Meidar,
    Santiago Pastorino]
  * Ruby 1.9: ERB template encoding using a magic comment at the top
    of the file. [Jeremy Kemper]
      <%# encoding: utf-8 %>
  * Fixed that default locale templates should be used if the
    current locale template is missing [DHH]
  * Fixed that PrototypeHelper#update_page should return html_safe
    [DHH]
  * Fixed that much of DateHelper wouldn't return html_safe? strings
    [DHH]
  * Fixed that fragment caching should return a cache hit as
    html_safe (or it would all just get escaped) [DHH]
  * Introduce String#html_safe for rails_xss plugin and
    forward-compatibility with Rails 3. [Michael Koziarski, Santiago
    Pastorino, José Ignacio Costa]
  * Added :alert, :notice, and :flash as options to
    ActionController::Base#redirect_to that'll automatically set the
    proper flash before the redirection [DHH].
  * Added ActionController::Base#notice/= and
    ActionController::Base#alert/= as a convenience accessors in
    both the controller and the view for flash[:notice]/= and
    flash[:alert]/= [DHH]
  * Added cookies.permanent, cookies.signed, and
    cookies.permanent.signed accessor for common cookie actions
    [DHH].
- removed actionpack-2.3.5_button_to.patch: included in update

-------------------------------------------------------------------
Thu Feb 18 14:09:24 UTC 2010 - aduffeck@novell.com

- add a patch to fix (bnc#581792):
  https://rails.lighthouseapp.com/projects/8994/tickets/3448-button_to-does-not-return-an-html-safe-string

-------------------------------------------------------------------
Fri Jan 15 14:21:37 UTC 2010 - mrueckert@suse.de

- fix requires on rack. gem spec and code disagree with each other.

-------------------------------------------------------------------
Tue Dec 1 18:19:07 UTC 2009 - chris@computersalat.de

- update to version 2.3.5
  - Minor Bug Fixes and deprecation warnings
  - Ruby 1.9 Support
  - Fix filtering parameters when there are Fixnum or other
    un-dupable values.
  - Improvements to ActionView::TestCase
  - Compatibility with the rails_xss plugin
- removed
  actionpack-2.3.4_number_to_human_size_fix_eb30c695444b904d7937c8c12c59da9a8c4d60e5.patch:
  included in update

-------------------------------------------------------------------
Fri Nov 20 13:53:22 UTC 2009 - mrueckert@suse.de

- added
  actionpack-2.3.4_number_to_human_size_fix_eb30c695444b904d7937c8c12c59da9a8c4d60e5.patch
  fix number_to_human_size (bnc#545720)

-------------------------------------------------------------------
Thu Sep 10 12:03:08 UTC 2009 - adrian@suse.de

- update to version 2.3.4

-------------------------------------------------------------------
Fri Jun 5 16:58:30 CEST 2009 - mrueckert@suse.de

- add rails-2.3.2_http_auth_digest_nil_check.patch:
  do not allow authentication with a missing password (bnc#509914)

-------------------------------------------------------------------
Mon Mar 16 20:34:36 CET 2009 - mrueckert@suse.de

- starting package for the rails 2.3 series

-------------------------------------------------------------------