Changelog for ruby2.5-rubygem-actionpack-6.1-6.1.7.8-lp153.1.2.x86_64.rpm :
* Fri Jun 21 2024 Dan Čermák

  ## Rails 6.1.7.8 (June 04, 2024) ##

  * Include the HTTP Permissions-Policy on non-HTML Content-Types [CVE-2024-28103]

  ## Rails 6.1.7.7 (February 21, 2024) ##

  * No changes.

* Thu Nov 02 2023 Dan Čermák

  ## Rails 6.1.7.6 (August 22, 2023) ##

  * No changes.

  ## Rails 6.1.7.5 (August 22, 2023) ##

  * No changes.

  ## Rails 6.1.7.4 (June 26, 2023) ##

  * Raise an exception if illegal characters are provided to redirect_to [CVE-2023-28362]

    *Zack Deveau*

  ## Rails 6.1.7.3 (March 13, 2023) ##

  * No changes.

  ## Rails 6.1.7.2 (January 24, 2023) ##

  * Fix `domain: :all` for two letter TLD

    This fixes a compatibility issue introduced in our previous security release when using `domain: :all` with a two letter but single level top level domain (like `.ca`, rather than `.co.uk`).

  ## Rails 6.1.7.1 (January 17, 2023) ##

  * Avoid regex backtracking on If-None-Match header [CVE-2023-22795]
  * Use string#split instead of regex for domain parts [CVE-2023-22792]

* Mon Oct 10 2022 Stephan Kulow

  updated to version 6.1.7
  see installed CHANGELOG.md

  ## Rails 6.1.7 (September 09, 2022) ##

  * No changes.

* Thu Aug 04 2022 Stephan Kulow

  updated to version 6.1.6.1
  see installed CHANGELOG.md

  ## Rails 6.1.6.1 (July 12, 2022) ##

  * No changes.

* Thu Apr 28 2022 Stephan Kulow

  updated to version 6.1.5.1
  see installed CHANGELOG.md

  ## Rails 6.1.5.1 (April 26, 2022) ##

  * Allow Content Security Policy DSL to generate for API responses.

    *Tim Wade*

  ## Rails 6.1.5 (March 09, 2022) ##

  * Fix `content_security_policy` returning invalid directives.

    Directives such as `self`, `unsafe-eval` and few others were not single quoted when the directive was the result of calling a lambda returning an array.

    ```ruby
    content_security_policy do |policy|
      policy.frame_ancestors lambda { [:self, "https://example.com"] }
    end
    ```

    With this fix the policy generated from above will now be valid.

    *Edouard Chin*

  * Update `HostAuthorization` middleware to render debug info only when `config.consider_all_requests_local` is set to true.

    Also, blocked host info is always logged with level `error`.

    Fixes #42813.

    *Nikita Vyrko*

  * Dup arrays that get "converted".

    Fixes #43681.

    *Aaron Patterson*

  * Don't show deprecation warning for equal paths.

    *Anton Rieder*

  * Fix crash in `ActionController::Instrumentation` with invalid HTTP formats.

    Fixes #43094.

    *Alex Ghiculescu*

  * Add fallback host for SystemTestCase driven by RackTest.

    Fixes #42780.

    *Petrik de Heus*

  * Add more detail about what hosts are allowed.

    *Alex Ghiculescu*

  ## Rails 6.1.4.7 (March 08, 2022) ##

  * No changes.

* Tue Feb 15 2022 Stephan Kulow

  updated to version 6.1.4.6
  see installed CHANGELOG.md

  ## Rails 6.1.4.6 (February 11, 2022) ##

  * No changes.

  ## Rails 6.1.4.5 (February 11, 2022) ##

  * Under certain circumstances, the middleware isn't informed that the response body has been fully closed, which results in request state not being fully reset before the next request [CVE-2022-23633]

* Tue Jan 25 2022 Stephan Kulow

  updated to version 6.1.4.4
  see installed CHANGELOG.md

  ## Rails 6.1.4.4 (December 15, 2021) ##

  * Fix issue with host protection not allowing host with port in development.

  ## Rails 6.1.4.3 (December 14, 2021) ##

  * Fix issue with host protection not allowing localhost in development.

  ## Rails 6.1.4.2 (December 14, 2021) ##

  * Fix X_FORWARDED_HOST protection. [CVE-2021-44528]

* Wed Aug 25 2021 Manuel Schnitzer

  - updated to version 6.1.4.1

  * [CVE-2021-22942] Fix possible open redirect in Host Authorization middleware.

    Specially crafted "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.

* Fri Jul 09 2021 Manuel Schnitzer

  - updated to version 6.1.4

  * Ignore file fixtures on `db:fixtures:load`

    *Kevin Sjöberg*

  * Fix ActionController::Live controller test deadlocks by removing the body buffer size limit for tests.

    *Dylan Thacker-Smith*

  * Correctly place optional path parameter booleans.

    Previously, if you specify a url parameter that is part of the path as false it would include that part of the path as parameter, for example:

    ```
    get "(/optional/:optional_id)/things" => "foo#foo", as: :things
    things_path(optional_id: false) # => /things?optional_id=false
    ```

    After this change, true and false will be treated the same when used as optional path parameters. Meaning now:

    ```
    get '(this/:my_bool)/that', as: :that
    that_path(my_bool: true) # => `/this/true/that`
    that_path(my_bool: false) # => `/this/false/that`
    ```

    *Adam Hess*

  * Add support for 'private, no-store' Cache-Control headers.

    Previously, 'no-store' was exclusive; no other directives could be specified.

    *Alex Smith*

* Fri May 14 2021 Manuel Schnitzer

  - updated to version 6.1.3.2

  * Prevent open redirects by correctly escaping the host allow list CVE-2021-22903
  * Prevent catastrophic backtracking during mime parsing CVE-2021-22902
  * Prevent regex DoS in HTTP token authentication CVE-2021-22904
  * Prevent string polymorphic route arguments.

    `url_for` supports building polymorphic URLs via an array of arguments (usually symbols and records). If a developer passes a user input array, strings can result in unwanted route helper calls.

    CVE-2021-22885

    *Gannon McGibbon*

* Tue Apr 20 2021 Manuel Schnitzer

  - updated to version 6.1.3.1

  * no changes

* Mon Mar 15 2021 Manuel Schnitzer

  - updated to version 6.1.3

  * Re-define routes when not set correctly via inheritance.

    *John Hawthorn*

* Mon Feb 15 2021 Manuel Schnitzer

  - updated to version 6.1.2.1

  ## Rails 6.1.2.1 (February 10, 2021) ##

  * Prevent open redirect when allowed host starts with a dot [CVE-2021-22881]

    Thanks to @tktech (https://hackerone.com/tktech) for reporting this issue and the patch!

    *Aaron Patterson*

  ## Rails 6.1.2 (February 09, 2021) ##

  * Fix error in `ActionController::LogSubscriber` that would happen when throwing inside a controller action.

    *Janko Marohnić*

  * Fix `fixture_file_upload` deprecation when `file_fixture_path` is a relative path.

    *Eugene Kenny*

* Wed Jan 20 2021 Manuel Schnitzer

  - updated to version 6.1.1

  * Fix nil translation key lookup in controllers/

    *Jan Klimo*

  * Quietly handle unknown HTTP methods in Action Dispatch SSL middleware.

    *Alex Robbin*

  * Change the request method to a GET when passing failed requests down to config.exceptions_app.

    *Alex Robbin*

* Fri Dec 11 2020 Manuel Schnitzer

  - removed build flags for Ruby 2.6 and 2.7 only
    We need to have Ruby 2.5 binaries as well.
  - removed disable_docs gem2rpm option (not available)

* Wed Dec 09 2020 Marcus Rueckert

  - update to version 6.1.0:
    https://weblog.rubyonrails.org/2020/12/9/Rails-6-1-0-release/

* Mon Nov 02 2020 Marcus Rueckert

  - initial package