Changelog for ruby2.1-rubygem-actionpack-4_2-4.2.2-1.1.x86_64.rpm :
Tue Jan 26 13:00:00 2016 jmassaguerplaAATTsuse.com
- fix bnc#963331 - CVE-2016-0751: rubygem-actionpack: Object Leak DoS
CVE-2016-0751.patch: contains the fix

Tue Jan 26 13:00:00 2016 jmassaguerplaAATTsuse.com
- fix bnc#963335 - CVE-2015-7581: rubygem-actionpack: unbounded
memory growth DoS via wildcard controller routes
CVE-2015-7581.patch: contains the fix

Tue Jan 26 13:00:00 2016 jmassaguerplaAATTsuse.com
- fix bnc#963332 - CVE-2016-0752: rubygem-actionpack,
rubygem-actionview: directory traversal and information leak in
Action View
CVE-2016-0752.patch: contains the security fix

Tue Jan 26 13:00:00 2016 jmassaguerplaAATTsuse.com
- fix CVE-2015-7576: rubygem-actionpack, rubygem-activesupport:
Timing attack vulnerability in basic authentication in Action Controller
CVE-2015-7576.patch: contains the fix (bsc#963329)

Fri Jul 3 14:00:00 2015 jmassaguerplaAATTsuse.com
- update to version 4.2.2, no changes
(updated to match activesupport version)
(bnc#934799 and bnc#934800).

Sun Mar 22 13:00:00 2015 cooloAATTsuse.com
- updated to version 4.2.1, see CHANGELOG.md

Wed Jan 28 13:00:00 2015 adrianAATTsuse.de
- update to 4.2.0

Mon Jan 19 13:00:00 2015 dmuellerAATTsuse.com
- update to 4.1.9:

* Fixed handling of positional url helper arguments when `format: false`.

* Restore handling of a bare `Authorization` header, without `token=`
prefix.

* Fix regression where path was getting overwritten when route anchor was false, and X-Cascade pass

* Fix a bug where malformed query strings lead to 500.

* Fix arbitrary file existence disclosure in Action Pack (CVE-2014-7829)

* Fix arbitrary file existence disclosure in Action Pack (CVE-2014-7818)

Mon Nov 10 13:00:00 2014 tboergerAATTsuse.com
- To get rails 4 running on SLE 11 I have switched the
rb_build_versions definition to rub21 as it is activated within
devel:languages:ruby. That way we can get running rails 4 on
SLE 11 too.

Sun Oct 12 14:00:00 2014 cooloAATTsuse.com
- updated to version 4.1.6

* Prepend a JS comment to JSONP callbacks. Addresses CVE-2014-4671
("Rosetta Flash")

* Because URI paths may contain non US-ASCII characters we need to force
the encoding of any unescaped URIs to UTF-8 if they are US-ASCII.
This essentially replicates the functionality of the monkey patch to
URI.parser.unescape in active_support/core_ext/uri.rb.
Fixes #16104.

* Generate shallow paths for all children of shallow resources.
Fixes #15783.

* JSONP responses are now rendered with the `text/javascript` content type
when rendering through a `respond_to` block.
Fixes #15081.

* Fix env['PATH_INFO'] missing leading slash when a rack app mounted at '/'.
Fixes #15511.

* ActionController::Parameters#require now accepts `false` values.
Fixes #15685.

Wed Jul 23 14:00:00 2014 mrueckertAATTsuse.com
- initial package


 