Changelog for ruby3.3-rubygem-actionpack-5.2-5.2.8.1-2.12.x86_64.rpm :

* Sun May 14 2023 Marcus Rueckert - cleanup ruby version restrictions
* Wed Jul 13 2022 Marcus Rueckert - Update to version 5.2.8.1: (boo#1201465 CVE-2022-32224) https://rubyonrails.org/2022/7/12/Rails-Versions-7-0-3-1-6-1-6-1-6-0-5-1-and-5-2-8-1-have-been-released
* Mon Mar 14 2022 Daniel Molkentin - Update to version 5.2.6.3: https://rubyonrails.org/2022/3/8/Rails-7-0-2-3-6-1-4-7-6-0-4-7-and-5-2-6-3-have-been-released https://discuss.rubyonrails.org/t/cve-2022-21831-possible-code-injection-vulnerability-in-rails-active-storage/80199
* Sat Feb 12 2022 Marcus Rueckert - Update to version 5.2.6.2: https://rubyonrails.org/2022/2/11/Rails-7-0-2-2-6-1-4-6-6-0-4-6-and-5-2-6-2-have-been-released https://github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9 https://discuss.rubyonrails.org/t/cve-2022-23633-possible-exposure-of-information-vulnerability-in-action-pack/80016
* Thu Jun 24 2021 Stephan Kulow - updated to version 5.2.6 see installed CHANGELOG.md

## Rails 5.2.6 (May 05, 2021) ##

* Accept base64_urlsafe CSRF tokens to make forward compatible. Base64 strict-encoded CSRF tokens are not inherently websafe, which makes them difficult to deal with. For example, the common practice of sending the CSRF token to a browser in a client-readable cookie does not work properly out of the box: the value has to be url-encoded and decoded to survive transport. In this version, we generate Base64 urlsafe-encoded CSRF tokens, which are inherently safe to transport. Validation accepts both urlsafe tokens, and strict-encoded tokens for backwards compatibility. How the tokens are encoded is controlled by the `action_controller.urlsafe_csrf_tokens` config. In Rails 5.2.5, the CSRF token format was accidentally changed to urlsafe-encoded.

  *Attention*: If you already upgraded your application to 5.2.5, set the config `urlsafe_csrf_tokens` to `true`, otherwise your form submission will start to fail during the deploy of this new version.

  ```ruby
  Rails.application.config.action_controller.urlsafe_csrf_tokens = true
  ```

  If you are upgrading from 5.2.4.x, you don't need to change this configuration.

  *Scott Blum*, *Étienne Barrié*
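
The transport problem described in the 5.2.6 entry, as an added example that is not code from Rails or from this package: a strict-encoded token is corrupted when it passes through form decoding unescaped, a urlsafe one is not, and a decoder can accept both. The helper names, the unpadded urlsafe form and the fixed sample token are assumptions of the example.

```ruby
require "uri"

# Constructed sample: 32 fixed bytes standing in for a CSRF token, chosen so
# the strict encoding contains '+', '/' and '=' (not a real Rails token).
RAW_TOKEN = ("\xFB\xFF".b * 16).freeze

# Strict Base64 (RFC 4648 section 4); pack("m0") emits no line breaks.
def strict_encode(raw)
  [raw].pack("m0")
end

# URL-safe Base64 (RFC 4648 section 5): '-' and '_' replace '+' and '/'.
# Dropping the '=' padding is this example's choice.
def urlsafe_encode(raw)
  strict_encode(raw).tr("+/", "-_").delete("=")
end

# What a server sees when a client copies the value into an
# application/x-www-form-urlencoded body without percent-encoding it first.
def through_form_body(value)
  URI.decode_www_form_component(value)
end

# Accept either alphabet, as the entry describes for validation: try strict
# first, then the URL-safe form. Returns the raw bytes, or nil if neither fits.
def decode_token(encoded)
  encoded.unpack1("m0")
rescue ArgumentError
  begin
    padded = encoded.tr("-_", "+/")
    padded += "=" * ((4 - padded.length % 4) % 4)
    padded.unpack1("m0")
  rescue ArgumentError
    nil
  end
end

if __FILE__ == $PROGRAM_NAME
  { "strict" => strict_encode(RAW_TOKEN), "urlsafe" => urlsafe_encode(RAW_TOKEN) }.each do |name, tok|
    ok = decode_token(through_form_body(tok)) == RAW_TOKEN
    puts "#{name}: #{tok[0, 12]}... survives form transport: #{ok}"
  end
end
```
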

## Rails 5.2.5 (March 26, 2021) ##

* No changes.

## Rails 5.2.4.6 (May 05, 2021) ##

* Prevent regex DoS in HTTP token authentication CVE-2021-22904
* Prevent string polymorphic route arguments. `url_for` supports building polymorphic URLs via an array of arguments (usually symbols and records). If a developer passes a user input array, strings can result in unwanted route helper calls. CVE-2021-22885
  *Gannon McGibbon*

## Rails 5.2.4.5 (February 10, 2021) ##

* No changes.
* Fri Sep 25 2020 Stephan Kulow - updated to version 5.2.4.4 see installed CHANGELOG.md

## Rails 5.2.4.4 (September 09, 2020) ##

* No changes.

## Rails 5.2.4.3 (May 18, 2020) ##

* [CVE-2020-8166] HMAC raw CSRF token before masking it, so it cannot be used to reconstruct a per-form token
* [CVE-2020-8164] Return self when calling #each, #each_pair, and #each_value instead of the raw @parameters hash
* Thu May 07 2020 Stephan Kulow - updated to version 5.2.4.2 see installed CHANGELOG.md
* Fri Dec 20 2019 Marcus Rueckert - update to version 5.2.4.1 (CVE-2019-16782): https://weblog.rubyonrails.org/2019/12/18/Rails-5-2-4-1-has-been-released/
* Thu Nov 28 2019 Manuel Schnitzer - updated to version 5.2.4
* no changes
* Fri Mar 29 2019 Stephan Kulow - updated to version 5.2.3 see installed CHANGELOG.md

## Rails 5.2.3 (March 27, 2019) ##

* Allow combining the Cache Control `public` and `no-cache` headers. Before this change, even if `public` was specified for the Cache Control header, it was excluded when `no-cache` was included. This change keeps the `public` header as is. Fixes #34780.

  *Yuji Yaginuma*

* Allow `nil` params for `ActionController::TestCase`.

  *Ryo Nakamura*