Changelog for rubygem-actionpack-2_3-testsuite-2.3.17-3.24.1.x86_64.rpm:
* Tue Apr 02 2013 jmassaguerplaAATTsuse.com
- add 2 patches to fix security issues:
  - bug-809935_2-3-css_sanitize.patch: CVE-2013-1855: rubygem-actionpack*: XSS vulnerability in sanitize_css in Action Pack (bnc#809935)
  - bug-809940_2-3-sanitize_protocol.patch: CVE-2013-1857: rubygem-actionpack*: XSS Vulnerability in the `sanitize` helper of Ruby on Rails (bnc#809940)
* Wed Feb 13 2013 mrueckertAATTsuse.de
- update to version 2.3.17 (bnc#803336, bnc#803339) CVE-2013-0276 CVE-2013-0277:
  - testsuite updates for the active support single quote change
* Wed Jan 30 2013 mrueckertAATTsuse.de
- update to 2.3.16 (bnc#800320) CVE-2013-0333
  - backporting deep_munge
  - removing [nil] from the params
  - Do not mark strip_tags result as html_safe
- this obsoletes all our patches:
  2-3-null_array_param.patch
  2-3-null_param.patch
  3-0-strip_tags.patch
* Thu Jan 17 2013 mrueckertAATTsuse.de
- update to 2.3.15: (bnc#796712, bnc#797449, bnc#797452)
  - handle missing 'HTTP_X_FORWARDED_FOR'
  - added test suite for RCE bug
* Fri Sep 07 2012 mrueckertAATTsuse.de
- added 3-0-strip_tags.patch: (bnc#775649)
  Do not mark strip_tags result as html_safe CVE-2012-3465
* Wed Jul 18 2012 mrueckertAATTsuse.de
- added 2 patches to fix security issues:
  2-3-null_param.patch (CVE-2012-2660) (bnc#765097)
  2-3-null_array_param.patch (CVE-2012-2694) (bnc#766791)
- track series file from quilt for easier handling
* Wed Aug 17 2011 mrueckertAATTsuse.de
- update to version 2.3.14
  - fix fixing strip tags vulnerability (bnc#712057)
  - fixing response splitting problem (bnc#712058)
* Mon Jun 20 2011 mrueckertAATTsuse.de
- update to version 2.3.12
  - don't call destroy on a session if it doesn't respond to destroy
  - fix session timeout handling
* Wed Feb 16 2011 mrueckertAATTsuse.de
- update to version 2.3.11: (bnc#668817)
  - XSS Risk in mail_to :encode=>:javascript CVE-2011-0446
  - CSRF Bypass Risk CVE-2011-0447
  - Filter Problems on Case Insensitive Filesystems CVE-2011-0449
  - Potential SQL Injection with limit() CVE-2011-0448
* Mon Jan 17 2011 mvidnerAATTsuse.cz
- Split off doc and testsuite subpackages.
* Wed Oct 27 2010 mrueckertAATTsuse.de
- update to version 2.3.10
  * Version bump.
* Sun Sep 05 2010 mrueckertAATTsuse.de
- update to version 2.3.9
  * Version bump.
* Tue May 25 2010 mrueckertAATTsuse.de
- use rubygems_requires macro
* Tue May 25 2010 mrueckertAATTsuse.de
- update to version 2.3.8
  * HTML safety: fix compatibility *without* the optional rails_xss plugin.
- additional changes from version 2.3.7
  * HTML safety: fix compatibility with the optional rails_xss plugin. [Nathan Weizenbaum, Santiago Pastorino]
- additional changes from version 2.3.6
  * JSON: set Base.include_root_in_json = true to include a root value in the JSON: {"post": {"title": ...}}. Mirrors the Active Record option. #2584 [Matthew Moore, Joe Martinez, Elad Meidar, Santiago Pastorino]
  * Ruby 1.9: ERB template encoding using a magic comment at the top of the file. [Jeremy Kemper]
      <%# encoding: utf-8 %>
  * Fixed that default locale templates should be used if the current locale template is missing [DHH]
  * Fixed that PrototypeHelper#update_page should return html_safe [DHH]
  * Fixed that much of DateHelper wouldn't return html_safe? strings [DHH]
  * Fixed that fragment caching should return a cache hit as html_safe (or it would all just get escaped) [DHH]
  * Introduce String#html_safe for rails_xss plugin and forward-compatibility with Rails 3. [Michael Koziarski, Santiago Pastorino, José Ignacio Costa]
  * Added :alert, :notice, and :flash as options to ActionController::Base#redirect_to that'll automatically set the proper flash before the redirection [DHH].
  * Added ActionController::Base#notice/= and ActionController::Base#alert/= as a convenience accessors in both the controller and the view for flash[:notice]/= and flash[:alert]/= [DHH]
  * Added cookies.permanent, cookies.signed, and cookies.permanent.signed accessor for common cookie actions [DHH].
- removed actionpack-2.3.5_button_to.patch: included in update
* Thu Feb 18 2010 aduffeckAATTnovell.com
- add a patch to fix (bnc#581792): https://rails.lighthouseapp.com/projects/8994/tickets/3448-button_to-does-not-return-an-html-safe-string
* Fri Jan 15 2010 mrueckertAATTsuse.de
- fix requires on rack. gem spec and code disagree with each other.
* Tue Dec 01 2009 chrisAATTcomputersalat.de
- update to version 2.3.5
  - Minor Bug Fixes and deprecation warnings
  - Ruby 1.9 Support
  - Fix filtering parameters when there are Fixnum or other un-dupable values.
  - Improvements to ActionView::TestCase
  - Compatibility with the rails_xss plugin
- removed actionpack-2.3.4_number_to_human_size_fix_eb30c695444b904d7937c8c12c59da9a8c4d60e5.patch: included in update
* Fri Nov 20 2009 mrueckertAATTsuse.de
- added actionpack-2.3.4_number_to_human_size_fix_eb30c695444b904d7937c8c12c59da9a8c4d60e5.patch
  fix number_to_human_size (bnc#545720)
* Thu Sep 10 2009 adrianAATTsuse.de
- update to version 2.3.4
* Fri Jun 05 2009 mrueckertAATTsuse.de
- add rails-2.3.2_http_auth_digest_nil_check.patch: do not allow authentication with a missing password (bnc#509914)
* Mon Mar 16 2009 mrueckertAATTsuse.de
- starting package for the rails 2.3 series