|
|
 |
|
|
Changelog for ruby3.2-rubygem-actionpack-5.2-5.2.8.1-4.27.x86_64.rpm :
* Thu Aug 04 2022 Stephan Kulow updated to version 5.2.8.1 see installed CHANGELOG.md [#]# Rails 5.2.8.1 (July 12, 2022) ##
* No changes. [#]# Rails 5.2.8 (May 09, 2022) ##
* No changes.
* Thu Apr 28 2022 Stephan Kulow updated to version 5.2.7.1 see installed CHANGELOG.md [#]# Rails 5.2.7.1 (April 26, 2022) ##
* Allow Content Security Policy DSL to generate for API responses.
* Tim Wade
* [#]# Rails 5.2.7 (March 10, 2022) ##
* No changes. [#]# Rails 5.2.6.3 (March 08, 2022) ##
* No changes.
* Tue Feb 15 2022 Stephan Kulow updated to version 5.2.6.2 see installed CHANGELOG.md [#]# Rails 5.2.6.2 (February 11, 2022) ##
* No changes. [#]# Rails 5.2.6.1 (February 11, 2022) ##
* Under certain circumstances, the middleware isn\'t informed that the response body has been fully closed which result in request state not being fully reset before the next request [CVE-2022-23633]
* Thu Jun 24 2021 Stephan Kulow updated to version 5.2.6 see installed CHANGELOG.md [#]# Rails 5.2.6 (May 05, 2021) ##
* Accept base64_urlsafe CSRF tokens to make forward compatible. Base64 strict-encoded CSRF tokens are not inherently websafe, which makes them difficult to deal with. For example, the common practice of sending the CSRF token to a browser in a client-readable cookie does not work properly out of the box: the value has to be url-encoded and decoded to survive transport. In this version, we generate Base64 urlsafe-encoded CSRF tokens, which are inherently safe to transport. Validation accepts both urlsafe tokens, and strict-encoded tokens for backwards compatibility. How the tokes are encoded is controllr by the `action_controller.urlsafe_csrf_tokens` config. In Rails 5.2.5, the CSRF token format was accidentally changed to urlsafe-encoded.
*
*Atention
*
*: If you already upgraded your application to 5.2.5, set the config `urlsafe_csrf_tokens` to `true`, otherwise your form submission will start to fail during the deploy of this new version. ```ruby Rails.application.config.action_controller.urlsafe_csrf_tokens = true ``` If you are upgrading from 5.2.4.x, you don\'t need to change this configuration.
* Scott Blum
*,
*Étienne Barrié
* [#]# Rails 5.2.5 (March 26, 2021) ##
* No changes. [#]# Rails 5.2.4.6 (May 05, 2021) ##
* Prevent regex DoS in HTTP token authentication CVE-2021-22904
* Prevent string polymorphic route arguments. `url_for` supports building polymorphic URLs via an array of arguments (usually symbols and records). If a developer passes a user input array, strings can result in unwanted route helper calls. CVE-2021-22885
* Gannon McGibbon
* [#]# Rails 5.2.4.5 (February 10, 2021) ##
* No changes.
* Fri Sep 25 2020 Stephan Kulow updated to version 5.2.4.4 see installed CHANGELOG.md [#]# Rails 5.2.4.4 (September 09, 2020) ##
* No changes. [#]# Rails 5.2.4.3 (May 18, 2020) ##
* [CVE-2020-8166] HMAC raw CSRF token before masking it, so it cannot be used to reconstruct a per-form token
* [CVE-2020-8164] Return self when calling #each, #each_pair, and #each_value instead of the raw AATTparameters hash
* Thu May 07 2020 Stephan Kulow - updated to version 5.2.4.2 see installed CHANGELOG.md
* Fri Dec 20 2019 Marcus Rueckert - update to version 5.2.4.1 (CVE-2019-16782): https://weblog.rubyonrails.org/2019/12/18/Rails-5-2-4-1-has-been-released/
* Thu Nov 28 2019 Manuel Schnitzer - updated to version 5.2.4
* no changes
* Fri Mar 29 2019 Stephan Kulow - updated to version 5.2.3 see installed CHANGELOG.md [#]# Rails 5.2.3 (March 27, 2019) ##
* Allow using combine the Cache Control `public` and `no-cache` headers. Before this change, even if `public` was specified for Cache Control header, it was excluded when `no-cache` was included. This fixed to keep `public` header as is. Fixes #34780.
* Yuji Yaginuma
*
* Allow `nil` params for `ActionController::TestCase`.
* Ryo Nakamura
*
* Thu Mar 14 2019 Marcus Rueckert - update to version 5.2.2.1: https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/ CVE-2019-5418 CVE-2019-5419 CVE-2019-5420
|
|
|
