File rubygem-activesupport-4_2.changes of Package rubygem-activesupport-4_2
-------------------------------------------------------------------
Wed Jan 27 16:28:25 UTC 2016 - jloehel@suse.com
- fix bnc#963329 - CVE-2016-07576: rubygem-actionpack, rubygem-activesupport:
Timing attack vulnerability in basic authentication in Action Controller
CVE-2016-07576.patch: contains the fix
- fix bnc#963334 - CVE-2016-0753: rubygem-activemodel,
rubygem-activesupport, rubygem-activerecord: Input Validation
Circumvention
CVE-2016-0753.patch: contains the fix
-------------------------------------------------------------------
Tue Aug 25 04:31:44 UTC 2015 - coolo@suse.com
- updated to version 4.2.4
see installed CHANGELOG.md
## Rails 4.2.4 (August 24, 2015) ##
* Fix a `SystemStackError` when encoding an `Enumerable` with `json` gem and
with the Active Support JSON encoder loaded.
Fixes #20775.
*Sammy Larbi*, *Prathamesh Sonpatki*
* Fix not calling `#default` on `HashWithIndifferentAcess#to_hash` when only
`default_proc` is set, which could raise.
*Simon Eskildsen*
* Fix setting `default_proc` on `HashWithIndifferentAccess#dup`
*Simon Eskildsen*
-------------------------------------------------------------------
Fri Jun 26 04:32:28 UTC 2015 - coolo@suse.com
- updated to version 4.2.3
see installed CHANGELOG.md
## Rails 4.2.3 (June 25, 2015) ##
* Fix a range of values for parameters of the Time#change
*Nikolay Kondratyev*
* Add some missing `require 'active_support/deprecation'`
*Akira Matsuda*
-------------------------------------------------------------------
Wed Jun 17 04:33:49 UTC 2015 - coolo@suse.com
- updated to version 4.2.2
see installed CHANGELOG.md
## Rails 4.2.2 (June 16, 2015) ##
* Fix XSS vulnerability in `ActiveSupport::JSON.encode` method.
CVE-2015-3226.
*Rafael Mendonça França*
* Fix denial of service vulnerability in the XML processing.
CVE-2015-3227.
*Aaron Patterson*
-------------------------------------------------------------------
Mon Mar 23 11:12:09 UTC 2015 - coolo@suse.com
- updated to version 4.2.1
* Fixed a problem where String#truncate_words would get stuck with a complex
string.
*Henrik Nygren*
* Fixed a roundtrip problem with AS::SafeBuffer where primitive-like strings
will be dumped as primitives:
Before:
YAML.load ActiveSupport::SafeBuffer.new("Hello").to_yaml # => "Hello"
YAML.load ActiveSupport::SafeBuffer.new("true").to_yaml # => true
YAML.load ActiveSupport::SafeBuffer.new("false").to_yaml # => false
YAML.load ActiveSupport::SafeBuffer.new("1").to_yaml # => 1
YAML.load ActiveSupport::SafeBuffer.new("1.1").to_yaml # => 1.1
After:
YAML.load ActiveSupport::SafeBuffer.new("Hello").to_yaml # => "Hello"
YAML.load ActiveSupport::SafeBuffer.new("true").to_yaml # => "true"
YAML.load ActiveSupport::SafeBuffer.new("false").to_yaml # => "false"
YAML.load ActiveSupport::SafeBuffer.new("1").to_yaml # => "1"
YAML.load ActiveSupport::SafeBuffer.new("1.1").to_yaml # => "1.1"
*Godfrey Chan*
* Replace fixed `:en` with `I18n.default_locale` in `Duration#inspect`.
*Dominik Masur*
* Add missing time zone definitions for Russian Federation and sync them
with `zone.tab` file from tzdata version 2014j (latest).
*Andrey Novikov*
-------------------------------------------------------------------
Mon Jan 19 21:13:16 UTC 2015 - dmueller@suse.com
- update to 4.1.9:
* `Method` objects now report themselves as not `duplicable?`. This allows
hashes and arrays containing `Method` objects to be `deep_dup`ed.
-------------------------------------------------------------------
Mon Nov 10 14:00:03 UTC 2014 - tboerger@suse.com
- To get rails 4 running on SLE 11 i have switched the
rb_build_versions definition to rub21 as it is activated within
devel:languages:ruby. That way we can get running rails 4 on
SLE 11 too.
-------------------------------------------------------------------
Tue Oct 14 10:00:19 UTC 2014 - coolo@suse.com
- updated to version 4.1.6
* Fix DateTime comparison with DateTime::Infinity object.
* Fixed a compatibility issue with the `Oj` gem when cherry-picking the file
`active_support/core_ext/object/json` without requiring `active_support/json`.
Fixes #16131.
* Make Dependencies pass a name to NameError error.
* Fixed precision error in NumberHelper when using Rationals.
before:
ActiveSupport::NumberHelper.number_to_rounded Rational(1000, 3), precision: 2
#=> "330.00"
after:
ActiveSupport::NumberHelper.number_to_rounded Rational(1000, 3), precision: 2
#=> "333.33"
See #15379.
-------------------------------------------------------------------
Wed Jul 23 13:30:47 UTC 2014 - mrueckert@suse.com
- - initial package
