SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for ruby2.7-rubygem-actionpack-5.2-5.2.8.1-lp155.1.5.x86_64.rpm :

* Thu Aug 04 2022 Stephan Kulow updated to version 5.2.8.1 see installed CHANGELOG.md [#]# Rails 5.2.8.1 (July 12, 2022) ##
* No changes. [#]# Rails 5.2.8 (May 09, 2022) ##
* No changes.
* Thu Apr 28 2022 Stephan Kulow updated to version 5.2.7.1 see installed CHANGELOG.md [#]# Rails 5.2.7.1 (April 26, 2022) ##
* Allow Content Security Policy DSL to generate for API responses.
* Tim Wade
* [#]# Rails 5.2.7 (March 10, 2022) ##
* No changes. [#]# Rails 5.2.6.3 (March 08, 2022) ##
* No changes.
* Tue Feb 15 2022 Stephan Kulow updated to version 5.2.6.2 see installed CHANGELOG.md [#]# Rails 5.2.6.2 (February 11, 2022) ##
* No changes. [#]# Rails 5.2.6.1 (February 11, 2022) ##
* Under certain circumstances, the middleware isn\'t informed that the response body has been fully closed which result in request state not being fully reset before the next request [CVE-2022-23633]
* Thu Jun 24 2021 Stephan Kulow updated to version 5.2.6 see installed CHANGELOG.md [#]# Rails 5.2.6 (May 05, 2021) ##
* Accept base64_urlsafe CSRF tokens to make forward compatible. Base64 strict-encoded CSRF tokens are not inherently websafe, which makes them difficult to deal with. For example, the common practice of sending the CSRF token to a browser in a client-readable cookie does not work properly out of the box: the value has to be url-encoded and decoded to survive transport. In this version, we generate Base64 urlsafe-encoded CSRF tokens, which are inherently safe to transport. Validation accepts both urlsafe tokens, and strict-encoded tokens for backwards compatibility. How the tokes are encoded is controllr by the `action_controller.urlsafe_csrf_tokens` config. In Rails 5.2.5, the CSRF token format was accidentally changed to urlsafe-encoded.
*
*Atention
*
*: If you already upgraded your application to 5.2.5, set the config `urlsafe_csrf_tokens` to `true`, otherwise your form submission will start to fail during the deploy of this new version. ```ruby Rails.application.config.action_controller.urlsafe_csrf_tokens = true ``` If you are upgrading from 5.2.4.x, you don\'t need to change this configuration.
* Scott Blum
*,
*Étienne Barrié
* [#]# Rails 5.2.5 (March 26, 2021) ##
* No changes. [#]# Rails 5.2.4.6 (May 05, 2021) ##
* Prevent regex DoS in HTTP token authentication CVE-2021-22904
* Prevent string polymorphic route arguments. `url_for` supports building polymorphic URLs via an array of arguments (usually symbols and records). If a developer passes a user input array, strings can result in unwanted route helper calls. CVE-2021-22885
* Gannon McGibbon
* [#]# Rails 5.2.4.5 (February 10, 2021) ##
* No changes.
* Fri Sep 25 2020 Stephan Kulow updated to version 5.2.4.4 see installed CHANGELOG.md [#]# Rails 5.2.4.4 (September 09, 2020) ##
* No changes. [#]# Rails 5.2.4.3 (May 18, 2020) ##
* [CVE-2020-8166] HMAC raw CSRF token before masking it, so it cannot be used to reconstruct a per-form token
* [CVE-2020-8164] Return self when calling #each, #each_pair, and #each_value instead of the raw AATTparameters hash
* Thu May 07 2020 Stephan Kulow - updated to version 5.2.4.2 see installed CHANGELOG.md
* Fri Dec 20 2019 Marcus Rueckert - update to version 5.2.4.1 (CVE-2019-16782): https://weblog.rubyonrails.org/2019/12/18/Rails-5-2-4-1-has-been-released/
* Thu Nov 28 2019 Manuel Schnitzer - updated to version 5.2.4
* no changes
* Fri Mar 29 2019 Stephan Kulow - updated to version 5.2.3 see installed CHANGELOG.md [#]# Rails 5.2.3 (March 27, 2019) ##
* Allow using combine the Cache Control `public` and `no-cache` headers. Before this change, even if `public` was specified for Cache Control header, it was excluded when `no-cache` was included. This fixed to keep `public` header as is. Fixes #34780.
* Yuji Yaginuma
*
* Allow `nil` params for `ActionController::TestCase`.
* Ryo Nakamura
*
* Thu Mar 14 2019 Marcus Rueckert - update to version 5.2.2.1: https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/ CVE-2019-5418 CVE-2019-5419 CVE-2019-5420
* Sat Jan 19 2019 Marcus Rueckert - rb_build_ruby_abi needs to be rb_build_ruby_abis
* Fri Jan 18 2019 Marcus Rueckert - limit to ruby 2.5 and above for 42.3/sle12
* Sat Dec 08 2018 Stephan Kulow - updated to version 5.2.2 see installed CHANGELOG.md [#]# Rails 5.2.2 (December 04, 2018) ##
* Reset Capybara sessions if failed system test screenshot raising an exception. Reset Capybara sessions if `take_failed_screenshot` raise exception in system test `after_teardown`.
* Maxim Perepelitsa
*
* Use request object for context if there\'s no controller There is no controller instance when using a redirect route or a mounted rack application so pass the request object as the context when resolving dynamic CSP sources in this scenario. Fixes #34200.
* Andrew White
*
* Apply mapping to symbols returned from dynamic CSP sources Previously if a dynamic source returned a symbol such as :self it would be converted to a string implicity, e.g: policy.default_src -> { :self } would generate the header: Content-Security-Policy: default-src self and now it generates: Content-Security-Policy: default-src \'self\'
* Andrew White
*
* Fix `rails routes -c` for controller name consists of multiple word.
* Yoshiyuki Kinjo
*
* Call the `#redirect_to` block in controller context.
* Steven Peckins
*
* Mon Dec 03 2018 mschnitzerAATTsuse.com- updated to version 5.2.1.1 (boo#1118076)
* No changes / Just a version bump to match with Rails 5.2.1.1
* Wed Aug 08 2018 mschnitzerAATTsuse.com- updated to version 5.2.1 (boo#1104209)
* Prevent `?null=` being passed on JSON encoded test requests. `RequestEncoder#encode_params` won\'t attempt to parse params if there are none. So call like this will no longer append a `?null=` query param. get foos_url, as: :json (Alireza Bashiri)
* Ensure `ActionController::Parameters#transform_values` and `ActionController::Parameters#transform_values!` converts hashes into parameters. (Kevin Sjöberg)
* Fix strong parameters `permit!` with nested arrays. Given: ``` params = ActionController::Parameters.new(nested_arrays: [[{ x: 2, y: 3 }, { x: 21, y: 42 }]]) params.permit! ``` `params[:nested_arrays][0][0].permitted?` will now return `true` instead of `false`. (Steve Hull)
* Reset `RAW_POST_DATA` and `CONTENT_LENGTH` request environment between test requests in `ActionController::TestCase` subclasses. (Eugene Kenny)
* Output only one Content-Security-Policy nonce header value per request. Fixes #32597. (Andrey Novikov, Andrew White)
* Only disable GPUs for headless Chrome on Windows. It is not necessary anymore for Linux and macOS machines. https://bugs.chromium.org/p/chromium/issues/detail?id=737678#c1 (Stefan Wrobel)
* Fix system tests transactions not closed between examples. (Sergey Tarasov)
* Mon Apr 16 2018 mschnitzerAATTsuse.com- initialize package see changelog: https://github.com/rails/rails/blob/v5.2.0/actionpack/CHANGELOG.md
  
ICM