2021-10-07 17:09:00 by Nia Alarie | Files touched by this commit (1033) |
Log message:
www: Remove SHA1 hashes for distfiles
|
2021-07-04 08:24:47 by Takahiro Kambe | Files touched by this commit (12) | |
Log message:
www/ruby-rails52: update to 5.2.6
Ruby on Rails 5.2.6 (2021-05-05)
There are changes in www/ruby-actionpack52 only, including security fix.
Action Pack
* Accept base64_urlsafe CSRF tokens to make forward compatible.
Base64 strict-encoded CSRF tokens are not inherently websafe, which
makes them difficult to deal with. For example, the common practice
of sending the CSRF token to a browser in a client-readable cookie
does not work properly out of the box: the value has to be
url-encoded and decoded to survive transport.
In this version, we generate Base64 urlsafe-encoded CSRF tokens,
which are inherently safe to transport. Validation accepts both
urlsafe tokens, and strict-encoded tokens for backwards
compatibility.
How the tokes are encoded is controllr by the
action_controller.urlsafe_csrf_tokens config.
In Rails 5.2.5, the CSRF token format was accidentally changed to
urlsafe-encoded.
Atention: If you already upgraded your application to 5.2.5, set the
config urlsafe_csrf_tokens to true, otherwise your form submission
will start to fail during the deploy of this new version.
Rails.application.config.action_controller.urlsafe_csrf_tokens = true
If you are upgrading from 5.2.4.x, you don't need to change this
configuration.
Scott Blum, Étienne Barrié
|
2021-04-11 15:20:09 by Takahiro Kambe | Files touched by this commit (13) | |
Log message:
www/ruby-rails52: update to 5.2.5
Real changes are in devel/ruby-activestorage52 only.
## Rails 5.2.5 (March 26, 2021) ##
* Marcel is upgraded to version 1.0.0 to avoid a dependency on GPL-licensed
mime types data.
*George Claghorn*
* The Poppler PDF previewer renders a preview image using the original
document's crop box rather than its media box, hiding print margins. This
matches the behavior of the MuPDF previewer.
*Vincent Robert*
|
2021-02-11 15:23:42 by Takahiro Kambe | Files touched by this commit (12) | |
Log message:
www/rails52: update to 5.2.4.5
## Rails 5.2.4.5 (February 10, 2021) ##
* Fix possible DoS vector in PostgreSQL money type
Carefully crafted input can cause a DoS via the regular expressions used
for validating the money format in the PostgreSQL adapter. This patch
fixes the regexp.
Thanks to @dee-see from Hackerone for this patch!
[CVE-2021-22880]
*Aaron Patterson*
|
2020-09-10 16:13:12 by Takahiro Kambe | Files touched by this commit (12) | |
Log message:
www/ruby-rails52: update to 5.2.4.4
Update Ruby on Rails 52 to 5.2.4.4.
Security fix in ruby-actionview52.
## Rails 5.2.4.4 (September 09, 2020) ##
* [CVE-2020-15169] Fix potential XSS vulnerability in the `translate`/`t` helper
*Jonathan Hefner*
|
2020-05-19 17:36:58 by Takahiro Kambe | Files touched by this commit (1) | |
Log message:
www/ruby-actionpack52: update to 5.2.4.3
Update ruby-actionpack52 to 5.2.4.3.
## Rails 5.2.4.3 (May 18, 2020) ##
* [CVE-2020-8166] HMAC raw CSRF token before masking it, so it cannot be used \
to reconstruct a per-form token
* [CVE-2020-8164] Return self when calling #each, #each_pair, and #each_value \
instead of the raw @parameters hash
|
2020-03-20 16:40:25 by Takahiro Kambe | Files touched by this commit (1) | |
Log message:
www/ruby-actionpack52: update to 5.2.4.2
Update ruby-actionpack52 to 5.2.4.2.
## Rails 5.2.4.1 (December 18, 2019) ##
* Fix possible information leak / session hijacking vulnerability.
The `ActionDispatch::Session::MemcacheStore` is still vulnerable given it \
requires the
gem dalli to be updated as well.
CVE-2019-16782.
## Rails 5.2.4 (November 27, 2019) ##
* No changes.
|
2019-04-14 12:32:37 by Takahiro Kambe | Files touched by this commit (1) | |
Log message:
www/ruby-actionpack52: update to 5.2.3
* 5.2.2.2 fixes these security problems:
CVE-2019-5418
CVE-2019-5419
CVE-2019-5420
## Rails 5.2.3 (March 27, 2019) ##
* Allow using combine the Cache Control `public` and `no-cache` headers.
Before this change, even if `public` was specified for Cache Control header,
it was excluded when `no-cache` was included. This fixed to keep `public`
header as is.
Fixes #34780.
*Yuji Yaginuma*
* Allow `nil` params for `ActionController::TestCase`.
*Ryo Nakamura*
## Rails 5.2.2.1 (March 11, 2019) ##
* No changes.
|
2019-03-03 15:51:57 by Takahiro Kambe | Files touched by this commit (4) |
Log message:
www/ruby-actionpack52: add version 5.2.2 package
Add ruby-actionpack52 version 5.2.2 package.
Action Pack is a framework for handling and responding to web requests. It
provides mechanisms for *routing* (mapping request URLs to actions), defining
*controllers* that implement actions, and generating responses by rendering
*views*, which are templates of various formats. In short, Action Pack
provides the view and controller layers in the MVC paradigm.
This is for Ruby on Rails 5.2.
|