Navigation:
Browse pkgsrc
(this page)| 2022-03-27 08:30:00 by Thomas Klausner | Files touched by this commit (24) |
Log message: ruby*: fix rails version in COMMENT |
2022-03-13 16:11:52 by Takahiro Kambe | Files touched by this commit (14) |  |
Log message: www/ruby-rails61: update to 6.1.4.7 Ruby on Rails 6.1.4.7 is not latest version but it should be easy to pull-up to pkgsrc-2021Q4. Changes are in devel/ruby-activestorage61 only. ## Rails 6.1.4.7 (March 08, 2022) ## * Added image transformation validation via configurable allow-list. Variant now offers a configurable allow-list for transformation methods in addition to a configurable deny-list for arguments. [CVE-2022-21831] |
| 2022-02-13 08:35:06 by Takahiro Kambe | Files touched by this commit (14) | |
Log message: www/ruby-rails61: update to 6.1.4.6 This update contains security fix for CVE-2022-23633 in ruby-actionpack61. Active Support 6.1.4.6 (2022-02-11) * Fix Reloader method signature to work with the new Executor signature. Action Pack 6.1.4.5 (2022-02-11) * Under certain circumstances, the middleware isn't informed that the response body has been fully closed which result in request state not being fully reset before the next request. [CVE-2022-23633] Other packages have no change. |
| 2022-01-14 17:03:00 by Takahiro Kambe | Files touched by this commit (3) |
Log message: Remove support for prior to Ruby 2.6. |
| 2021-12-19 06:32:02 by Takahiro Kambe | Files touched by this commit (1) | |
Log message: www/ruby-rails61: update to 6.1.4.4 No change except version. |
| 2021-10-26 13:31:15 by Nia Alarie | Files touched by this commit (1030) |
Log message: www: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes Not committed (merge conflicts): www/nghttp2/distinfo Unfetchable distfiles (almost certainly fetched conditionally...): ./www/nginx-devel/distinfo array-var-nginx-module-0.05.tar.gz ./www/nginx-devel/distinfo echo-nginx-module-0.62.tar.gz ./www/nginx-devel/distinfo encrypted-session-nginx-module-0.08.tar.gz ./www/nginx-devel/distinfo form-input-nginx-module-0.12.tar.gz ./www/nginx-devel/distinfo headers-more-nginx-module-0.33.tar.gz ./www/nginx-devel/distinfo lua-nginx-module-0.10.19.tar.gz ./www/nginx-devel/distinfo naxsi-1.3.tar.gz ./www/nginx-devel/distinfo nginx-dav-ext-module-3.0.0.tar.gz ./www/nginx-devel/distinfo nginx-rtmp-module-1.2.2.tar.gz ./www/nginx-devel/distinfo nginx_http_push_module-1.2.10.tar.gz ./www/nginx-devel/distinfo ngx_cache_purge-2.5.1.tar.gz ./www/nginx-devel/distinfo ngx_devel_kit-0.3.1.tar.gz ./www/nginx-devel/distinfo ngx_http_geoip2_module-3.3.tar.gz ./www/nginx-devel/distinfo njs-0.5.0.tar.gz ./www/nginx-devel/distinfo set-misc-nginx-module-0.32.tar.gz ./www/nginx/distinfo array-var-nginx-module-0.05.tar.gz ./www/nginx/distinfo echo-nginx-module-0.62.tar.gz ./www/nginx/distinfo encrypted-session-nginx-module-0.08.tar.gz ./www/nginx/distinfo form-input-nginx-module-0.12.tar.gz ./www/nginx/distinfo headers-more-nginx-module-0.33.tar.gz ./www/nginx/distinfo lua-nginx-module-0.10.19.tar.gz ./www/nginx/distinfo naxsi-1.3.tar.gz ./www/nginx/distinfo nginx-dav-ext-module-3.0.0.tar.gz ./www/nginx/distinfo nginx-rtmp-module-1.2.2.tar.gz ./www/nginx/distinfo nginx_http_push_module-1.2.10.tar.gz ./www/nginx/distinfo ngx_cache_purge-2.5.1.tar.gz ./www/nginx/distinfo ngx_devel_kit-0.3.1.tar.gz ./www/nginx/distinfo ngx_http_geoip2_module-3.3.tar.gz ./www/nginx/distinfo njs-0.5.0.tar.gz ./www/nginx/distinfo set-misc-nginx-module-0.32.tar.gz |
| 2021-10-07 17:09:00 by Nia Alarie | Files touched by this commit (1033) |
Log message: www: Remove SHA1 hashes for distfiles |
| 2021-07-04 10:05:52 by Takahiro Kambe | Files touched by this commit (1) | |
Log message: www/ruby-rails61: update to 6.1.4 No change except version. |
| 2021-05-08 16:08:57 by Takahiro Kambe | Files touched by this commit (14) | |
Log message:
www/ruby-rails61: update to 6.1.3.2
Real changes are in www/ruby-actionpack61 only.
## Rails 6.1.3.2 (May 05, 2021) ##
* Prevent open redirects by correctly escaping the host allow list
CVE-2021-22903
* Prevent catastrophic backtracking during mime parsing
CVE-2021-22902
* Prevent regex DoS in HTTP token authentication
CVE-2021-22904
* Prevent string polymorphic route arguments.
`url_for` supports building polymorphic URLs via an array
of arguments (usually symbols and records). If a developer passes a
user input array, strings can result in unwanted route helper calls.
CVE-2021-22885
*Gannon McGibbon*
|
| 2021-04-11 15:28:02 by Takahiro Kambe | Files touched by this commit (15) | |
Log message: www/ruby-rails61: update to 6.1.3.1 Real changes are in devel/devel/ruby-activestorage61 only. ## Rails 6.1.3.1 (March 26, 2021) ## * Marcel is upgraded to version 1.0.0 to avoid a dependency on GPL-licensed mime types data. *George Claghorn* |
New packages: