Path to this page:
Subject: CVS commit: pkgsrc/www/ruby-actionpack32
From: Takahiro Kambe
Date: 2016-02-01 14:48:02
Message id: 20160201134802.32DB1FBB7@cvs.NetBSD.org
Log Message:
Note update of ruby-actionpack32 to 3.2.22.1.
* Use secure string comparisons for basic auth username / password.
(CVE-2015-7576)
* Stop caching mime types globally. (CVE-2016-0751)
* Don't short-circuit reject_if proc. (CVE-2015-7577)
* Allow :file to be outside rails root, but anything else must be inside
the rails view directory. (CVE-2016-0752)
Files: