- added 3-0-escape_html-activesupport.patch: (bnc#775653)
Also encode single quote (CVE-2012-3464)

- update to version 2.3.14
- fixing utf8 escape vulerability (bnc#712060)
- Fix OrderedHash merging with block given.

- update to version 2.3.12
* Version bump

- update to version 2.3.11: (bnc#668817)
- XSS Risk in mail_to :encode=>:javascript CVE-2011-0446
- CSRF Bypass Risk CVE-2011-0447
- Filter Problems on Case Insensitive Filesystems CVE-2011-0449
- Potential SQL Injection with limit() CVE-2011-0448

- Split off doc subpackage.

- update to version 2.3.10
* i18n: bundle i18n 0.4.1 for forward compatibility with Rails 3.
Deprecates {{foo}} interpolation syntax in favor of 1.9-native
%{foo}.
* Deprecate Kernel#returning in favor of Object#tap since it's
included in Ruby 1.8.7 and later. [Santiago Pastorino]
* Deprecates ActiveSupport::Dependencies.load_(once_)paths,
renamed to autoload_(once_)paths. [fxn]
* Deprecates Array#random_element, renamed to sample to match
Ruby 1.9, thanks to Marc-Andre Lafortune. [fxn]

- update to version 2.3.9