SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for ruby2.5-rubygem-actionpack-4_2-4.2.2-1.99.x86_64.rpm :

* Tue Jan 26 2016 jmassaguerplaAATTsuse.com- fix bnc#963331 - CVE-2016-0751: rubygem-actionpack: Object Leak DoS CVE-2016-0751.patch: contains the fix
* Tue Jan 26 2016 jmassaguerplaAATTsuse.com- fix bnc#963335 - CVE-2015-7581: rubygem-actionpack: unbounded memory growth DoS via wildcard controller routes CVE-2015-7581.patch: contains the fix
* Tue Jan 26 2016 jmassaguerplaAATTsuse.com- fix bnc#963332 - CVE-2016-0752: rubygem-actionpack, rubygem-actionview: directory traversal and information leak in Action View CVE-2016-0752.patch: contains the security fix
* Tue Jan 26 2016 jmassaguerplaAATTsuse.com- fix CVE-2015-7576: rubygem-actionpack, rubygem-activesupport: Timing attack vulnerability in basic authentication in Action Controller CVE-2015-7576.patch: contains the fix (bsc#963329)
* Fri Jul 03 2015 jmassaguerplaAATTsuse.com- update to version 4.2.2, no changes (updated to match activesupport version) (bnc#934799 and bnc#934800).
* Sun Mar 22 2015 cooloAATTsuse.com- updated to version 4.2.1, see CHANGELOG.md
* Wed Jan 28 2015 adrianAATTsuse.de- update to 4.2.0
* Mon Jan 19 2015 dmuellerAATTsuse.com- update to 4.1.9:
* Fixed handling of positional url helper arguments when `format: false`.
* Restore handling of a bare `Authorization` header, without `token=` prefix.
* Fix regression where path was getting overwritten when route anchor was false, and X-Cascade pass
* Fix a bug where malformed query strings lead to 500.
* Fix arbitrary file existence disclosure in Action Pack (CVE-2014-7829)
* Fix arbitrary file existence disclosure in Action Pack (CVE-2014-7818)
* Mon Nov 10 2014 tboergerAATTsuse.com- To get rails 4 running on SLE 11 i have switched the rb_build_versions definition to rub21 as it is activated within devel:languages:ruby. That way we can get running rails 4 on SLE 11 too.
* Sun Oct 12 2014 cooloAATTsuse.com- updated to version 4.1.6
* Prepend a JS comment to JSONP callbacks. Addresses CVE-2014-4671 (\"Rosetta Flash\")
* Because URI paths may contain non US-ASCII characters we need to force the encoding of any unescaped URIs to UTF-8 if they are US-ASCII. This essentially replicates the functionality of the monkey patch to URI.parser.unescape in active_support/core_ext/uri.rb. Fixes #16104.
* Generate shallow paths for all children of shallow resources. Fixes #15783.
* JSONP responses are now rendered with the `text/javascript` content type when rendering through a `respond_to` block. Fixes #15081.
* Fix env[\'PATH_INFO\'] missing leading slash when a rack app mounted at \'/\'. Fixes #15511.
* ActionController::Parameters#require now accepts `false` values. Fixes #15685.
* Wed Jul 23 2014 mrueckertAATTsuse.com- - initial package
  
ICM