Next | Query returned 8 messages, browsing 1 to 10 | previous

History of commit frequency

CVS Commit History:


   2022-06-07 17:18:45 by Takahiro Kambe | Files touched by this commit (1) | Package updated
Log message:
www/ruby-actionpack70: update to 7.0.3

7.0.3 (2022-05-12)

* Allow relative redirects when raise_on_open_redirects is enabled.

* Fix authenticate_with_http_basic to allow for missing password.

  Before Rails 7.0 it was possible to handle basic authentication with only
  a username.

	authenticate_with_http_basic do |token, _|
	  ApiClient.authenticate(token)
	end

  This ability is restored.

* Fix content_security_policy returning invalid directives.

  Directives such as self, unsafe-eval and few others were not single quoted
  when the directive was the result of calling a lambda returning an array.

	content_security_policy do |policy|
	  policy.frame_ancestors lambda { [:self, "https://example.com"] }
	end

  With this fix the policy generated from above will now be valid.

* Fix skip_forgery_protection to run without raising an error if forgery
  protection has not been enabled / verify_authenticity_token is not a
  defined callback.

  This fix prevents the Rails 7.0 Welcome Page (/) from raising an
  ArgumentError if default_protect_from_forgery is false.

* Fix ActionController::Live to copy the IsolatedExecutionState in the
  ephemeral thread.

  Since its inception ActionController::Live has been copying thread local
  variables to keep things such as CurrentAttributes set from middlewares
  working in the controller action.

  With the introduction of IsolatedExecutionState in 7.0, some of that
  global state was lost in ActionController::Live controllers.

* Fix setting trailing_slash: true in route definition.

	get '/test' => "test#index", as: :test, trailing_slash: true

	test_path() # => "/test/"
   2022-05-05 05:40:53 by Takahiro Kambe | Files touched by this commit (1) | Package updated
Log message:
www/ruby-actionpack70: update to 7.0.2.4

## Rails 7.0.2.4 (April 26, 2022) ##

*   Allow Content Security Policy DSL to generate for API responses.

    *Tim Wade*
   2022-03-27 08:43:12 by Thomas Klausner | Files touched by this commit (13)
Log message:
rails 7.0 wants ruby 2.7+, mark it as such
   2022-03-27 08:30:00 by Thomas Klausner | Files touched by this commit (24)
Log message:
ruby*: fix rails version in COMMENT
   2022-03-13 16:15:05 by Takahiro Kambe | Files touched by this commit (14) | Package updated
Log message:
www/ruby-rails70: update to 7.0.2.3

Changes are in devel/ruby-activestorage70 only.

Rails 7.0.2.3 (March 08, 2022)

* Added image transformation validation via configurable allow-list.

  Variant now offers a configurable allow-list for
  transformation methods in addition to a configurable deny-list for arguments.

  [CVE-2022-21831]
   2022-02-13 08:43:27 by Takahiro Kambe | Files touched by this commit (1) | Package updated
Log message:
www/ruby-actionpack70: update to 7.0.2

This update contains security fix for CVE-2022-23633.

7.0.2 (2022-02-08)

* No changes.

7.0.2.1 (2022-02-11)

* Under certain circumstances, the middleware isn't informed that the
  response body has been fully closed which result in request state
  not being fully reset before the next request

  [CVE-2022-23633]

7.0.2.2 (2022-02-11)

* No changes.
   2022-01-16 15:07:02 by Takahiro Kambe | Files touched by this commit (1) | Package updated
Log message:
devel/ruby-actionpack70: update to 7.0.1

7.0.1 (2021-01-06)

* Fix ActionController::Parameters methods to keep the original logger
  context when creating a new copy of the original object.

  Yutaka Kamei
   2021-12-19 07:01:40 by Takahiro Kambe | Files touched by this commit (4)
Log message:
www/ruby-actionpack70: add package version 7.0.0

Action Pack -- From request to response

Action Pack is a framework for handling and responding to web requests.
It provides mechanisms for *routing* (mapping request URLs to actions),
defining *controllers* that implement actions, and generating responses.
In short, Action Pack provides the controller layer in the MVC paradigm.

It consists of several modules:

* Action Dispatch, which parses information about the web request, handles
  routing as defined by the user, and does advanced processing related to
  HTTP such as MIME-type negotiation, decoding parameters in POST, PATCH,
  or PUT bodies, handling HTTP caching logic, cookies and sessions.

* Action Controller, which provides a base controller class that can be
  subclassed to implement filters and actions to handle requests.
  The result of an action is typically content generated from views.

With the Ruby on Rails framework, users only directly interface with the
Action Controller module.  Necessary Action Dispatch functionality is
activated by default and Action View rendering is implicitly triggered by
Action Controller.  However, these modules are designed to function on their
own and can be used outside of Rails.

This is for Ruby on Rails 7.0.

Next | Query returned 8 messages, browsing 1 to 10 | previous