./devel/ruby-railties60, Tools for creating, working with, and running Rails 6.0

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 6.0.3.7, Package name: ruby26-railties60-6.0.3.7, Maintainer: pkgsrc-users

= Railties -- Gluing the Engine to the Rails

Railties is responsible for gluing all frameworks together. Overall, it:

* handles the bootstrapping process for a Rails application;

* manages the +rails+ command line interface;

* and provides the Rails generators core.

This is for Ruby on Rails 6.0.


Required to run:
[devel/ruby-thor] [misc/ruby-method_source] [lang/ruby26-base] [www/ruby-actionpack60] [devel/ruby-activesupport60]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: 99aceda89c7611d80a0eba4b5019676fb0e2e648
RMD160: 96988a8e8d73b650a85d1a120ed9c80275e313b7
Filesize: 444.5 KB

Version history: (Expand)


CVS history: (Expand)


   2021-05-08 16:02:34 by Takahiro Kambe | Files touched by this commit (14) | Package updated
Log message:
www/ruby-rails60: update to 6.0.3.7

Real changes are in www/ruby-actionpack60 only.

## Rails 6.0.3.7 (May 05, 2021) ##

*   Prevent catastrophic backtracking during mime parsing
    CVE-2021-22902

*   Prevent regex DoS in HTTP token authentication
    CVE-2021-22904

*   Prevent string polymorphic route arguments.

    `url_for` supports building polymorphic URLs via an array
    of arguments (usually symbols and records). If a developer passes a
    user input array, strings can result in unwanted route helper calls.

    CVE-2021-22885

    *Gannon McGibbon*
   2021-04-11 15:24:58 by Takahiro Kambe | Files touched by this commit (15) | Package updated
Log message:
www/ruby-rails60: update to 6.0.3.6

Real changes are in devel/ruby-activestorage60 only.

## Rails 6.0.3.6 (March 26, 2021) ##

*   Marcel is upgraded to version 1.0.0 to avoid a dependency on GPL-licensed
    mime types data.

    *George Claghorn*
   2021-02-11 15:30:08 by Takahiro Kambe | Files touched by this commit (14) | Package updated
Log message:
www/ruby-rails60: update to 6.0.3.5

databases/ruby-activerecord60:

## Rails 6.0.3.5 (February 10, 2021) ##

*   Fix possible DoS vector in PostgreSQL money type

    Carefully crafted input can cause a DoS via the regular expressions used
    for validating the money format in the PostgreSQL adapter.  This patch
    fixes the regexp.

    Thanks to @dee-see from Hackerone for this patch!

    [CVE-2021-22880]

    *Aaron Patterson*

www/ruby-actionpack60

## Rails 6.0.3.5 (February 10, 2021) ##

*   Prevent open redirect when allowed host starts with a dot

    [CVE-2021-22881]

    Thanks to @tktech (https://hackerone.com/tktech) for reporting this
    issue and the patch!

    *Aaron Patterson*
   2020-10-19 16:50:32 by Takahiro Kambe | Files touched by this commit (15) | Package updated
Log message:
www/ruby-rails60: update to 6.0.3.4

Update Ruby on Rails 6.0 related packages to 6.0.3.4.
This is security fix for ruby-actionpack60.

## Rails 6.0.3.4 (October 07, 2020) ##

*   [CVE-2020-8264] Prevent XSS in Actionable Exceptions
   2020-09-10 16:30:03 by Takahiro Kambe | Files touched by this commit (14) | Package updated
Log message:
www/ruby-rails60: update to 6.0.3.3

Update Ruby on Rails 60 to 6.0.3.3.

Security fix in ruby-actionview60.

## Rails 6.0.3.3 (September 09, 2020) ##

*   [CVE-2020-8185] Fix potential XSS vulnerability in the `translate`/`t` helper.

    *Jonathan Hefner*
   2020-06-18 15:38:47 by Takahiro Kambe | Files touched by this commit (14) | Package updated
Log message:
lang/rails60: update to 6.0.3.2

Update Ruby on Rails to 6.0.3.2.

www/ruby-actionpack60 is the really updated package and other packages
have no change except version.

CHANGELOG of www/ruby-actionpack60 is here:

## Rails 6.0.3.2 (June 17, 2020) ##

* [CVE-2020-8185] Only allow ActionableErrors if
  show_detailed_exceptions is enabled
   2020-05-21 18:04:24 by Takahiro Kambe | Files touched by this commit (25)
Log message:
Remove RUBY_VERSIONS_INCOMPATIBLE for ruby24.
   2020-05-19 19:15:47 by Takahiro Kambe | Files touched by this commit (1) | Package updated
Log message:
devel/ruby-railties60: update to 6.0.3.1

Update ruby-railties60 to 6.0.3.1.

## Rails 6.0.3.1 (May 18, 2020) ##

*   No changes.