2013-02-24 15:24:02 by Takahiro Kambe | Files touched by this commit (4) |
Log message:
Remove ruby-actionpack31 package which is part of Ruby on Rails 3.1.
|
2013-02-12 15:22:03 by Takahiro Kambe | Files touched by this commit (1) |
Log message:
Update ruby-actionpack31 to 3.1.11.
## Rails 3.1.11 (unreleased)
* Fixed JSON params parsing regression for non-object JSON content.
|
2013-01-09 13:37:05 by Takahiro Kambe | Files touched by this commit (1) |
Log message:
Update ruby-actionpack31 to 3.1.10.
## Rails 3.1.10
* Strip nils from collections on JSON and XML posts. [CVE-2013-0155]
|
2012-08-12 12:34:38 by Takahiro Kambe | Files touched by this commit (1) |
Log message:
Update ruby-actionpack31 to 3.1.8.
## Rails 3.1.8 (Aug 9, 2012)
* There is an XSS vulnerability in the strip_tags helper in Ruby on Rails, the
  helper doesn't correctly handle malformed html. As a result an attacker can
  execute arbitrary javascript through the use of specially crafted malformed
  html.

  *Marek from Nethemba (www.nethemba.com) & Santiago Pastorino*

* When a "prompt" value is supplied to the `select_tag` helper, the
  "prompt" value is not escaped.
  If untrusted data is not escaped, and is supplied as the prompt value,
  there is a potential for XSS attacks.
  Vulnerable code will look something like this:

      select_tag("name", options, :prompt => UNTRUSTED_INPUT)

  *Santiago Pastorino*
|
2012-07-31 14:38:13 by Takahiro Kambe | Files touched by this commit (1) |
Log message:
Update ruby-actionpack31 to 3.1.7.
## Rails 3.1.7 (Jul 26, 2012)
* Do not convert digest auth strings to symbols. CVE-2012-3424
|
2012-06-14 16:54:45 by Takahiro Kambe | Files touched by this commit (2) |
Log message:
Update ruby-actionpack31 to 3.1.6.
pkgsrc change: add RUBY_RAILS_STRICT_DEP which will be enabled later.
## Rails 3.1.6 (Jun 12, 2012)
* nil is removed from array parameter values
  CVE-2012-2694
|
2012-06-02 03:34:21 by Takahiro Kambe | Files touched by this commit (2) |
Log message:
Update ruby-actionpack31 to 3.1.5.
## Rails 3.1.5 (May 31, 2012) ##
* Detect optional glob params when adding non-greedy regexp - closes #4817.
* Strip null bytes from Location header
* Return the same session data object when setting session id
* Avoid inspecting the whole route set, closes #1525
* Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this!
  CVE-2012-2660
|
2012-03-18 06:38:57 by Takahiro Kambe | Files touched by this commit (4) |
Log message:
Update ruby-actionpack31 to 3.1.4.
Tweak COMMENT.
## Rails 3.1.4 (unreleased) ##
* Skip assets group in Gemfile and all assets configurations options
  when the application is generated with --skip-sprockets option.
  *Guillermo Iguaran*
* Use ProcessedAsset#pathname in Sprockets helpers when debugging is on.
  Closes #3333 #3348 #3361.
  *Guillermo Iguaran*
* Allow to use asset_path on named_routes aliasing RailsHelper's
  asset_path to path_to_asset *Adrian Pike*
* Assets should use the request protocol by default or default to relative
  if no request is available *Jonathan del Strother*
|
2012-03-17 17:40:48 by Takahiro Kambe | Files touched by this commit (1) |
Log message:
Change depending directories: www/ruby-rack13 and misc/ruby-sprockets20.
|
2012-03-03 05:47:15 by Takahiro Kambe | Files touched by this commit (12) |
Log message:
Add fix for CVE-2012-1098 to:
devel/ruby-activesupport3
devel/ruby-activesupport31
www/ruby-actionpack3
www/ruby-actionpack31
And bump each PKGREVISION.
|