Navigation:
Browse pkgsrc
(this page) 2013-02-17 09:51:52 by Takahiro Kambe | Files touched by this commit (4) |  |
Log message: Remove ruby-actionpack3. It is part of Ruby on Rails 3.0 which isn't supported any more. |
| 2013-01-29 16:41:17 by Takahiro Kambe | Files touched by this commit (1) |
Log message: Update ruby-actionpack3 to 3.0.20. No change except version. |
| 2013-01-09 13:28:04 by Takahiro Kambe | Files touched by this commit (1) |
Log message: Update ruby-actionpack3 to 3.0.19. ## Rails 3.0.19 * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] |
| 2012-08-12 11:46:45 by Takahiro Kambe | Files touched by this commit (1) |
Log message:
Update ruby-actionpack3 to 3.0.17
## Rails 3.0.17 (Aug 9, 2012)
* There is an XSS vulnerability in the strip_tags helper in Ruby on Rails, the
helper doesn't correctly handle malformed html. As a result an attacker can
execute arbitrary javascript through the use of specially crafted malformed
html.
*Marek from Nethemba (www.nethemba.com) & Santiago Pastorino*
* When a "prompt" value is supplied to the `select_tag` helper, the \
"prompt"
value is not escaped. If untrusted data is not escaped, and is supplied as
the prompt value, there is a potential for XSS attacks.
Vulnerable code will look something like this:
select_tag("name", options, :prompt => UNTRUSTED_INPUT)
*Santiago Pastorino*
|
| 2012-07-31 14:24:29 by Takahiro Kambe | Files touched by this commit (1) |
Log message:
Update ruby-actionpack3 to 3.0.16.
## Rails 3.0.16 (Jul 26, 2012)
* Do not convert digest auth strings to symbols. CVE-2012-3424
## Rails 3.0.14 (Jun 12, 2012)
* nil is removed from array parameter values
CVE-2012-2694
|
| 2012-06-14 16:49:17 by Takahiro Kambe | Files touched by this commit (2) |
Log message:
Update ruby-actionpack3.
pkgsrc change: add RUBY_RAILS_STRICT_DEP which will be enabled later.
## Rails 3.0.14 (Jun 12, 2012)
* nil is removed from array parameter values
CVE-2012-2694
|
| 2012-06-02 03:28:24 by Takahiro Kambe | Files touched by this commit (3) |
Log message: Update ruby-actionpack3 to 3.0.13. * Rails 3.0.13 (May 31, 2012) * Strip null bytes from Location header * load the encoding converter to work around [ruby-core:41556] when switching encodings * Avoid inspecting the whole route set, closes #1525 * whitelist protocols for auto_link * Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this! CVE-2012-2660 |
| 2012-03-28 17:20:01 by Takahiro Kambe | Files touched by this commit (1) |
Log message: More strict dependency to ruby-i18n_05. Bump PKGREVISION. |
| 2012-03-18 06:24:55 by Takahiro Kambe | Files touched by this commit (3) |
Log message: Update ruby-actionpack3 to 3.0.12. pkgsrc change: * Tweak COMMENT. *Rails 3.0.12 (unreleased)* * Fix using `tranlate` helper with a html translation which uses the `:count` option for pluralization. *Jon Leighton* |
| 2012-03-03 05:47:15 by Takahiro Kambe | Files touched by this commit (12) |
Log message: Add fix for CVE-2012-1098 to: devel/ruby-activesupport3 devel/ruby-activesupport31 www/ruby-actionpack3 www/ruby-actionpack31 And bump each PKGREVISION. |
New packages: