Overview
Request 155288 accepted
- update to 2.3.16 (bnc#800320) CVE-2013-0333
- fixing load error messages
- html_escape should escape single quotes
- Add an OkJson backend and remove the YAML backend
Fixes CVE-2013-0333. The ActiveSupport::JSON::Backends::Yaml
class is present but the functionality has been removed
entirely.
- obsoletes 3-0-escape_html-activesupport.patch:
upstreamed
- update to 2.3.15: (bnc#796712, bnc#797449, bnc#797452)
* Hash.from_xml raises when it encounters type="symbol" or
type="yaml". Use Hash.from_trusted_xml to parse this XML.
CVE-2013-0156 [Jeremy Kemper]
Request History
lijews created request
- update to 2.3.16 (bnc#800320) CVE-2013-0333
- fixing load error messages
- html_escape should escape single quotes
- Add an OkJson backend and remove the YAML backend
Fixes CVE-2013-0333. The ActiveSupport::JSON::Backends::Yaml
class is present but the functionality has been removed
entirely.
- obsoletes 3-0-escape_html-activesupport.patch:
upstreamed
- update to 2.3.15: (bnc#796712, bnc#797449, bnc#797452)
* Hash.from_xml raises when it encounters type="symbol" or
type="yaml". Use Hash.from_trusted_xml to parse this XML.
CVE-2013-0156 [Jeremy Kemper]
lijews accepted request
