Next | Query returned 23 messages, browsing 11 to 20 | Previous

History of commit frequency

CVS Commit History:


   2021-10-07 16:25:52 by Nia Alarie | Files touched by this commit (357)
Log message:
mail: Remove SHA1 hashes for distfiles
   2021-07-04 08:58:38 by Takahiro Kambe | Files touched by this commit (14) | Package updated
Log message:
www/ruby-rails60: update to 6.0.4

Ruby on Rails 6.0.4 (2021-06-15), including security fixes.

Active Support

* Fixed issue in ActiveSupport::Cache::RedisCacheStore not passing
  options to read_multi causing fetch_multi to not work properly.
  (Rajesh Sharma)

* with_options copies its options hash again to avoid leaking mutations.
  Fixes #39343.  (Eugene Kenny)

Active Record

* Only warn about negative enums if a positive form that would cause
  conflicts exists.  Fixes #39065.  (Alex Ghiculescu)

* Allow the inverse of a has_one association that was previously
  autosaved to be loaded.  Fixes #34255.  (Steven Weber)

* Reset statement cache for association if table_name is changed.
  Fixes #36453.  (Ryuta Kamizono)

* Type cast extra select for eager loading.  (Ryuta Kamizono)

* Prevent collection associations from being autosaved multiple times.
  Fixes #39173.  (Eugene Kenny)

* Resolve issue with insert_all unique_by option when used with
  expression index.

  When the :unique_by option of ActiveRecord::Persistence.insert_all
  and ActiveRecord::Persistence.upsert_all was used with the name of
  an expression index, an error was raised.  Adding a guard around the
  formatting behavior for the :unique_by corrects this.

  Usage:

	create_table :books, id: :integer, force: true do |t|
	  t.column :name, :string
	  t.index "lower(name)", unique: true
	end

  	Book.insert_all [{ name: "MyTest" }], unique_by: \ 
:index_books_on_lower_name

  Fixes #39516.  (Austen Madden)

* Fix preloading for polymorphic association with custom scope.
  (Ryuta Kamizono)

* Allow relations with different SQL comments in the or method.
  (Takumi Shotoku)

* Resolve conflict between counter cache and optimistic locking.

  Bump an Active Record instance's lock version after updating its
  counter cache.  This avoids raising an unnecessary
  ActiveRecord::StaleObjectError upon subsequent transactions by
  maintaining parity with the corresponding database record's
  lock_version column.  Fixes #16449.  (Aaron Lipman)

* Fix through association with source/through scope which has joins.
  (Ryuta Kamizono)

* Fix through association to respect source scope for includes/preload.
  (Ryuta Kamizono)

* Fix eager load with Arel joins to maintain the original joins order.
  (Ryuta Kamizono)

* Fix group by count with eager loading + order + limit/offset.
  (Ryuta Kamizono)

* Fix left joins order when merging multiple left joins from different
  associations.  (Ryuta Kamizono)

* Fix index creation to preserve index comment in bulk change table on
  MySQL.  (Ryuta Kamizono)

* Change remove_foreign_key to not check :validate option if database
  doesn't support the feature.  (Ryuta Kamizono)

* Fix the result of aggregations to maintain duplicated "group by"
  fields.  (Ryuta Kamizono)

* Do not return duplicated records when using preload.  (Bogdan Gusiev)

Action View

* SanitizeHelper.sanitized_allowed_attributes and
  SanitizeHelper.sanitized_allowed_tags call safe_list_sanitizer's
  class method.  Fixes #39586.  (Taufiq Muhammadi)

Action Pack

* Accept base64_urlsafe CSRF tokens to make forward compatible.

* Base64 strict-encoded CSRF tokens are not inherently websafe, which
  makes them difficult to deal with.  For example, the common practice
  of sending the CSRF token to a browser in a client-readable cookie
  does not work properly out of the box: the value has to be
  url-encoded and decoded to survive transport.

  In Rails 6.1, we generate Base64 urlsafe-encoded CSRF tokens, which
  are inherently safe to transport.  Validation accepts both urlsafe
  tokens, and strict-encoded tokens for backwards compatibility.

  In Rails 5.2.5, the CSRF token format is accidentally changed to
  urlsafe-encoded.  If you upgrade apps from 5.2.5, set the config
  urlsafe_csrf_tokens = true.

	Rails.application.config.action_controller.urlsafe_csrf_tokens = true

  (Scott Blum, Étienne Barrié)

* Signed and encrypted cookies can now store false as their value when
  action_dispatch.use_cookies_with_metadata is enabled.  (Rolandas
  Barysas)

Active Storage

* The Poppler PDF previewer renders a preview image using the original
  document's crop box rather than its media box, hiding print
  margins. This matches the behavior of the MuPDF previewer.  (Vincent
  Robert)

Railties

* Allow relative paths with trailing slashes to be passed to rails
  test.  (Eugene Kenny)

* Return a 405 Method Not Allowed response when a request uses an
  unknown HTTP method.  Fixes #38998.  (Loren Norman)
   2021-05-08 16:02:34 by Takahiro Kambe | Files touched by this commit (14) | Package updated
Log message:
www/ruby-rails60: update to 6.0.3.7

Real changes are in www/ruby-actionpack60 only.

## Rails 6.0.3.7 (May 05, 2021) ##

*   Prevent catastrophic backtracking during mime parsing
    CVE-2021-22902

*   Prevent regex DoS in HTTP token authentication
    CVE-2021-22904

*   Prevent string polymorphic route arguments.

    `url_for` supports building polymorphic URLs via an array
    of arguments (usually symbols and records). If a developer passes a
    user input array, strings can result in unwanted route helper calls.

    CVE-2021-22885

    *Gannon McGibbon*
   2021-04-11 15:24:58 by Takahiro Kambe | Files touched by this commit (15) | Package updated
Log message:
www/ruby-rails60: update to 6.0.3.6

Real changes are in devel/ruby-activestorage60 only.

## Rails 6.0.3.6 (March 26, 2021) ##

*   Marcel is upgraded to version 1.0.0 to avoid a dependency on GPL-licensed
    mime types data.

    *George Claghorn*
   2021-02-11 15:30:08 by Takahiro Kambe | Files touched by this commit (14) | Package updated
Log message:
www/ruby-rails60: update to 6.0.3.5

databases/ruby-activerecord60:

## Rails 6.0.3.5 (February 10, 2021) ##

*   Fix possible DoS vector in PostgreSQL money type

    Carefully crafted input can cause a DoS via the regular expressions used
    for validating the money format in the PostgreSQL adapter.  This patch
    fixes the regexp.

    Thanks to @dee-see from Hackerone for this patch!

    [CVE-2021-22880]

    *Aaron Patterson*

www/ruby-actionpack60

## Rails 6.0.3.5 (February 10, 2021) ##

*   Prevent open redirect when allowed host starts with a dot

    [CVE-2021-22881]

    Thanks to @tktech (https://hackerone.com/tktech) for reporting this
    issue and the patch!

    *Aaron Patterson*
   2020-10-19 16:50:32 by Takahiro Kambe | Files touched by this commit (15) | Package updated
Log message:
www/ruby-rails60: update to 6.0.3.4

Update Ruby on Rails 6.0 related packages to 6.0.3.4.
This is security fix for ruby-actionpack60.

## Rails 6.0.3.4 (October 07, 2020) ##

*   [CVE-2020-8264] Prevent XSS in Actionable Exceptions
   2020-09-10 16:30:03 by Takahiro Kambe | Files touched by this commit (14) | Package updated
Log message:
www/ruby-rails60: update to 6.0.3.3

Update Ruby on Rails 60 to 6.0.3.3.

Security fix in ruby-actionview60.

## Rails 6.0.3.3 (September 09, 2020) ##

*   [CVE-2020-8185] Fix potential XSS vulnerability in the `translate`/`t` helper.

    *Jonathan Hefner*
   2020-06-18 15:38:47 by Takahiro Kambe | Files touched by this commit (14) | Package updated
Log message:
lang/rails60: update to 6.0.3.2

Update Ruby on Rails to 6.0.3.2.

www/ruby-actionpack60 is the really updated package and other packages
have no change except version.

CHANGELOG of www/ruby-actionpack60 is here:

## Rails 6.0.3.2 (June 17, 2020) ##

* [CVE-2020-8185] Only allow ActionableErrors if
  show_detailed_exceptions is enabled
   2020-05-21 18:04:24 by Takahiro Kambe | Files touched by this commit (25)
Log message:
Remove RUBY_VERSIONS_INCOMPATIBLE for ruby24.
   2020-05-19 19:14:04 by Takahiro Kambe | Files touched by this commit (1) | Package updated
Log message:
mail/ruby-actionmailer60: update to 6.0.3.1

Update ruby-actionmailer60 to 6.0.3.1.

## Rails 6.0.3.1 (May 18, 2020) ##

*   No changes.

Next | Query returned 23 messages, browsing 11 to 20 | Previous