Next | Query returned 11 messages, browsing 1 to 10 | Previous

History of commit frequency

CVS Commit History:


   2013-02-24 15:24:02 by Takahiro Kambe | Files touched by this commit (4) | Package removed
Log message:
Remove ruby-actionpack31 package which is part of Ruby on Rails 3.1.
   2013-02-12 15:22:03 by Takahiro Kambe | Files touched by this commit (1)
Log message:
Update ruby-actionpack31 to 3.1.11.

## Rails 3.1.11 (unreleased)

* Fixed JSON params parsing regression for non-object JSON content.
   2013-01-09 13:37:05 by Takahiro Kambe | Files touched by this commit (1)
Log message:
Update ruby-actionpack31 to 3.1.10.

## Rails 3.1.10

* Strip nils from collections on JSON and XML posts. [CVE-2013-0155]
   2012-08-12 12:34:38 by Takahiro Kambe | Files touched by this commit (1)
Log message:
Update ruby-actionpack31 to 3.1.8.

## Rails 3.1.8 (Aug 9, 2012)

* There is an XSS vulnerability in the strip_tags helper in Ruby on Rails, the
  helper doesn't correctly handle malformed html.  As a result an attacker can
  execute arbitrary javascript through the use of specially crafted malformed
  html.

  *Marek from Nethemba (www.nethemba.com) & Santiago Pastorino*

* When a "prompt" value is supplied to the `select_tag` helper, the
  "prompt" value is not escaped.
  If untrusted data is not escaped, and is supplied as the prompt value,
  there is a potential for XSS attacks.
  Vulnerable code will look something like this:
    select_tag("name", options, :prompt => UNTRUSTED_INPUT)

  *Santiago Pastorino*
   2012-07-31 14:38:13 by Takahiro Kambe | Files touched by this commit (1)
Log message:
Update ruby-actionpack31 to 3.1.7.

## Rails 3.1.7 (Jul 26, 2012)

* Do not convert digest auth strings to symbols. CVE-2012-3424
   2012-06-14 16:54:45 by Takahiro Kambe | Files touched by this commit (2)
Log message:
Update ruby-actionpack31 to 3.1.6.

pkgsrc change: add RUBY_RAILS_STRICT_DEP which will be enabled later.

## Rails 3.1.6 (Jun 12, 2012)

*   nil is removed from array parameter values

    CVE-2012-2694
   2012-06-02 03:34:21 by Takahiro Kambe | Files touched by this commit (2)
Log message:
Update ruby-actionpack31 to 3.1.5.

## Rails 3.1.5 (May 31, 2012) ##

*   Detect optional glob params when adding non-greedy regexp - closes #4817.

*   Strip null bytes from Location header

*   Return the same session data object when setting session id

*   Avoid inspecting the whole route set, closes #1525

*   Strip [nil] from parameters hash.  Thanks to Ben Murphy for reporting this!
    CVE-2012-2660
   2012-03-18 06:38:57 by Takahiro Kambe | Files touched by this commit (4)
Log message:
Update ruby-actionpack31 to 3.1.4.

Tweak COMMENT.

## Rails 3.1.4 (unreleased) ##

*   Skip assets group in Gemfile and all assets configurations options
    when the application is generated with --skip-sprockets option.

    *Guillermo Iguaran*

*   Use ProcessedAsset#pathname in Sprockets helpers when debugging is on.
    Closes #3333 #3348 #3361.

    *Guillermo Iguaran*

*   Allow to use asset_path on named_routes aliasing RailsHelper's
    asset_path to path_to_asset *Adrian Pike*

*   Assets should use the request protocol by default or default to relative
    if no request is available *Jonathan del Strother*
   2012-03-17 17:40:48 by Takahiro Kambe | Files touched by this commit (1)
Log message:
Change depending directories: www/ruby-rack13 and misc/ruby-sprockets20.
   2012-03-03 05:47:15 by Takahiro Kambe | Files touched by this commit (12)
Log message:
Add fix for CVE-2012-1098 to:

	devel/ruby-activesupport3
	devel/ruby-activesupport31
	www/ruby-actionpack3
	www/ruby-actionpack31

And bump each PKGREVISION.

Next | Query returned 11 messages, browsing 1 to 10 | Previous