File rubygem-actionpack-4_2.changes of Package rubygem-actionpack-4_2

-------------------------------------------------------------------
Wed Jan 27 14:56:13 UTC 2016 - jloehel@suse.com

- fix bnc#963329 - CVE-2015-7576: rubygem-actionpack,
  rubygem-activesupport: Timing attack vulnerability in basic
  authentication in Action Controller
  CVE-2015-7576.patch: contains the fix

- fix bnc#963332 - CVE-2016-0752: rubygem-actionpack,
  rubygem-actionview: directory traversal and information leak in
  Action View
  CVE-2016-0752.patch: contains the security fix

- fix bnc#963335 - CVE-2015-7581: rubygem-actionpack: unbounded
  memory growth DoS via wildcard controller routes
  CVE-2015-7581.patch: contains the fix

- fix bnc#963331 - CVE-2016-0751: rubygem-actionpack: Object Leak DoS
  CVE-2016-0751.patch: contains the fix

-------------------------------------------------------------------
Tue Aug 25 04:29:18 UTC 2015 - coolo@suse.com

- updated to version 4.2.4
 see installed CHANGELOG.md

  ## Rails 4.2.4 (August 24, 2015) ##
  
  *   ActionController::TestSession now accepts a default value as well as
      a block for generating a default value based off the key provided.
  
      This fixes calls to session#fetch in ApplicationController instances that
      take more than two arguments or a block from raising `ArgumentError: wrong
      number of arguments (2 for 1)` when performing controller tests.
  
      *Matthew Gerrior*
  
  *   Fix to keep original header instance in `ActionDispatch::SSL`
  
      `ActionDispatch::SSL` changes headers to `Hash`.
      So some headers will be broken if there are some middlewares
      on `ActionDispatch::SSL` and if it uses `Rack::Utils::HeaderHash`.
  
      *Fumiaki Matsushima*

-------------------------------------------------------------------
Fri Jun 26 04:29:34 UTC 2015 - coolo@suse.com

- updated to version 4.2.3
 see installed CHANGELOG.md

  ## Rails 4.2.3 (June 25, 2015) ##
  
  *   Fix rake routes not showing the right format when
      nesting multiple routes.
  
      See #18373.
  
      *Ravil Bayramgalin*
  
  *   Fix regression where a gzip file response would have a Content-type,
      even when it was a 304 status code.
  
      See #19271.
  
      *Kohei Suzuki*
  
  *   Fix handling of empty X_FORWARDED_HOST header in raw_host_with_port
  
      Previously, an empty X_FORWARDED_HOST header would cause
      ActionDispatch::Http::URL.raw_host_with_port to return nil, causing
      ActionDispatch::Http::URL.host to raise a NoMethodError.
  
      *Adam Forsyth*
  
  *   Fallback to `ENV['RAILS_RELATIVE_URL_ROOT']` in `url_for`.
  
      Fixed an issue where the `RAILS_RELATIVE_URL_ROOT` environment variable is not
      prepended to the path when `url_for` is called. If `SCRIPT_NAME` (used by Rack)
      is set, it takes precedence.
  
      Fixes #5122.
  
      *Yasyf Mohamedali*
  
  *   Fix regression in functional tests. Responses should have default headers
      assigned.
  
      See #18423.
  
      *Jeremy Kemper*, *Yves Senn*

-------------------------------------------------------------------
Wed Jun 17 04:30:01 UTC 2015 - coolo@suse.com

- updated to version 4.2.2
 see installed CHANGELOG.md

  ## Rails 4.2.2 (June 16, 2015) ##
  
  * No Changes *

-------------------------------------------------------------------
Sun Mar 22 09:07:28 UTC 2015 - coolo@suse.com

- updated to version 4.2.1, see CHANGELOG.md

-------------------------------------------------------------------
Wed Jan 28 12:29:23 UTC 2015 - adrian@suse.de

- update to 4.2.0

-------------------------------------------------------------------
Mon Jan 19 21:09:53 UTC 2015 - dmueller@suse.com

- update to 4.1.9:
   * Fixed handling of positional url helper arguments when `format: false`.
   * Restore handling of a bare `Authorization` header, without `token=`
     prefix.
   * Fix regression where path was getting overwritten when route anchor was false, and X-Cascade pass
   * Fix a bug where malformed query strings lead to 500.
   * Fix arbitrary file existence disclosure in Action Pack (CVE-2014-7829)
   * Fix arbitrary file existence disclosure in Action Pack (CVE-2014-7818)

-------------------------------------------------------------------
Mon Nov 10 14:00:03 UTC 2014 - tboerger@suse.com

- To get rails 4 running on SLE 11 I have switched the
  rb_build_versions definition to rub21 as it is activated within
  devel:languages:ruby. That way we can get rails 4 running on
  SLE 11 too.

-------------------------------------------------------------------
Sun Oct 12 16:20:05 UTC 2014 - coolo@suse.com

- updated to version 4.1.6
 *   Prepend a JS comment to JSONP callbacks. Addresses CVE-2014-4671
     ("Rosetta Flash")
 *   Because URI paths may contain non US-ASCII characters we need to force
     the encoding of any unescaped URIs to UTF-8 if they are US-ASCII.
     This essentially replicates the functionality of the monkey patch to
     URI.parser.unescape in active_support/core_ext/uri.rb.
     Fixes #16104.
 *   Generate shallow paths for all children of shallow resources.
     Fixes #15783.
 *   JSONP responses are now rendered with the `text/javascript` content type
     when rendering through a `respond_to` block.
     Fixes #15081.
 *   Fix env['PATH_INFO'] missing leading slash when a rack app mounted at '/'.
     Fixes #15511.
 *   ActionController::Parameters#require now accepts `false` values.
     Fixes #15685.

-------------------------------------------------------------------
Wed Jul 23 13:26:43 UTC 2014 - mrueckert@suse.com

- initial package
