File rubygem-loofah.changes of Package rubygem-loofah

-------------------------------------------------------------------
Tue Nov  6 08:09:40 UTC 2018 - mschnitzer@suse.com

- Security Vulnerability Fix: Unsanitized JavaScript may occur in
  sanitized output when a crafted SVG element is republished.

  * Added CVE-2018-16468.patch to address this security issue

  (bsc#1113969, CVE-2018-16468)

- Added series file for a better patch handling with quilt

-------------------------------------------------------------------
Fri Mar 23 10:15:28 UTC 2018 - dkang@suse.com

- update to version 2.2.2

  * Make public Loofah::HTML5::Scrub.force_correct_attribute_escaping!, which was previously a private method.
    This is so that downstream gems (like rails-html-sanitizer) can use this logic directly for their own attribute scrubbers should they need to address CVE-2018-8048.
  fix bsc#1086598

-------------------------------------------------------------------
Tue Mar 20 09:19:17 UTC 2018 - dkang@suse.com

- Update to version 2.2.1

  Fix XSS Vulnerability [CVE-2018-8048]
  fix bsc#1085967

-------------------------------------------------------------------
Thu Feb 15 14:13:37 UTC 2018 - mrueckert@suse.de

- also set a description again

-------------------------------------------------------------------
Mon Feb 12 10:11:44 UTC 2018 - bgeuken@suse.com

- Update to version 2.2.0

  Features:

  * Support HTML5 <main> tag. #133 (Thanks, @MothOnMars!)
  * Recognize HTML5 block elements. #136 (Thanks, @MothOnMars!)
  * Support SVG <symbol> tag. #131 (Thanks, @baopham!)
  * Support for whitelisting CSS functions, initially just calc and rgb. #122/#123/#129 (Thanks, @NikoRoberts!)
  * Whitelist CSS property list-style-type. #68/#137/#142 (Thanks, @andela-ysanni and @NikoRoberts!)

  Bugfixes:

  * Properly handle nested script tags. #127.

-------------------------------------------------------------------
Fri Oct 13 11:25:11 UTC 2017 - mschnitzer@suse.com

- updated to version 2.1.1
  2.1.1 / 2017-09-24

  Bugfixes:
    * Removed warning for unused variable. #124 (Thanks, @y-yagi!)

-------------------------------------------------------------------
Tue Aug 18 04:32:46 UTC 2015 - coolo@suse.com

- updated to version 2.0.3
 see installed CHANGELOG.rdoc

  == 2.0.3 / 2015-08-17

  Bug fixes:

  * Revert support for negative values in CSS properties due to slow performance. #90 (Related to #85.)

-------------------------------------------------------------------
Wed May  6 04:30:11 UTC 2015 - coolo@suse.com

- updated to version 2.0.2
 see installed CHANGELOG.rdoc

  == 2.0.2 / 2015-05-05

  Bug fixes:

  * Fix error with `#to_text` when Loofah::Helpers hadn't been required. #75
  * Allow multi-word data attributes. #84 (Thanks, @jstorimer!)
  * Allow negative values in CSS properties. #85 (Thanks, @siddhartham!)

-------------------------------------------------------------------
Wed Nov 12 05:55:25 UTC 2014 - coolo@suse.com

- updated to version 2.0.1
 Bug fixes:
 * Load RR correctly when running test files directly. (Thanks, @ktdreyer!)

 Notes:
 * Extracted HTML5::Scrub#scrub_css_attribute to accommodate the Rails integration work. (Thanks, @kaspth!)

-------------------------------------------------------------------
Mon Oct 13 14:21:06 UTC 2014 - coolo@suse.com

- adapt to new rubygem packaging

-------------------------------------------------------------------
Sun May 18 09:04:34 UTC 2014 - coolo@suse.com

- updated to version 2.0.0
 Compatibility notes:

 * ActionView helpers now must be required explicitly: `require "loofah/helpers"`
 * Support for Ruby 1.8.7 and prior has been dropped

 Enhancements:

 * HTML5 whitelist allows the following ...
   * tags: `article`, `aside`, `bdi`, `bdo`, `canvas`, `command`, `datalist`, `details`, `figcaption`, `figure`, `footer`, `header`, `mark`, `meter`, `nav`, `output`, `section`, `summary`, `time`
   * attributes: `data-*` (Thanks, Rafael Franca!)
   * URI attributes: `poster` and `preload`
 * Addition of the `:unprintable` scrubber to remove unprintable characters from text nodes. #65 (Thanks, Matt Swanson!)
 * `Loofah.fragment` accepts an optional encoding argument, compatible with `Nokogiri::HTML::DocumentFragment.parse`. #62 (Thanks, Ben Atkins!)
 * HTML5 sanitizers now remove attributes without values. (Thanks, Kasper Timm Hansen!)

 Bug fixes:

 * HTML5 sanitizers' CSS keyword check now actually works (broken in v2.0). Additional regression tests added. (Thanks, Kasper Timm Hansen!)
 * HTML5 sanitizers now allow negative arguments to CSS. #64 (Thanks, Jon Calhoun!)

-------------------------------------------------------------------
Mon Jul 30 18:14:41 UTC 2012 - coolo@suse.com

- update to 1.2.1
  * Declaring encoding in html5/scrub.rb. Without this, use of the
    ruby -KU option would cause havoc. (#32)

-------------------------------------------------------------------
Thu Aug 25 07:42:30 UTC 2011 - fcastelli@novell.com

- add 'Provides rubygem-loofah-1_2'

-------------------------------------------------------------------
Wed Aug 24 21:45:16 UTC 2011 - fcastelli@novell.com

- upgrade to 1.2.0

-------------------------------------------------------------------
Thu Jul 21 16:00:10 UTC 2011 - fcastelli@novell.com

- Upgrade to version 1.0.0
- Add provides loofah_1_0 required to build latest version of
  rubygem-feedzirra.

-------------------------------------------------------------------
Fri Jun 11 18:42:16 UTC 2010 - mrueckert@suse.de

- additional changes from version 0.4.7
  * New methods Loofah::HTML::Document#to_text and
    Loofah::HTML::DocumentFragment#to_text do the right thing with
    whitespace. Note that these methods are significantly slower
    than #text. GH #12
  * Loofah::Elements::BLOCK_LEVEL contains a canonical list of
    HTML4 block-level4 elements.
  * Loofah::HTML::Document#text and
    Loofah::HTML::DocumentFragment#text will return unescaped HTML
    entities by passing :encode_special_chars => false.
- additional changes from version 0.4.4, 0.4.5, 0.4.6
  * Loofah::HTML::Document#text and
    Loofah::HTML::DocumentFragment#text now escape HTML entities.
  * Loofah::XssFoliate was not properly escaping HTML entities when
    implicitly scrubbing a string attribute. GH #17
- additional changes from version 0.4.3
  * All built-in scrubbers are accepted by
    ActiveRecord::Base.xss_foliate
  * Loofah::XssFoliate.xss_foliate_all_models replaces use of the
    constant LOOFAH_XSS_FOLIATE_ALL_MODELS
  * Modified documentation for bootstrapping XssFoliate in a Rails
    app, since the use of Bundler breaks the previously-documented
    method. To be safe, always use an initializer file.
- additional changes from version 0.4.2
  * Implemented Node#scrub! for scrubbing subtrees.
  * Implemented NodeSet#scrub! for scrubbing a set of subtrees.
  * Document.text now only serializes <body> contents
    (ignores <head>)
  * <head>, <html> and <body> added to the HTML5lib whitelist.
  * Supporting Rails apps that aren't loading ActiveRecord. GH #10

-------------------------------------------------------------------
Fri Jun 11 10:00:01 UTC 2010 - mrueckert@suse.de

- use rubygems_requires macro

-------------------------------------------------------------------
Thu Jan  7 18:17:12 CET 2010 - prusnak@suse.cz

- created package