pkgsrc.se | The NetBSD package collection

NOTICE: This package has been removed from pkgsrc

./www/ruby-actionpack31, Toolkit for building modeling frameworks (part of Rails 3.1)

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ]

Branch: CURRENT, Version: 3.1.11, Package name: ruby193-actionpack-3.1.11, Maintainer: pkgsrc-users

Action Pack is a framework for handling and responding to web requests. It
provides mechanisms for *routing* (mapping request URLs to actions), defining
*controllers* that implement actions, and generating responses by rendering
*views*, which are templates of various formats. In short, Action Pack
provides the view and controller layers in the MVC paradigm.

Required to run:
[www/ruby-rack-mount] [www/ruby-rack-test] [lang/ruby193-base] [www/ruby-erubis] [www/ruby-rack-cache] [devel/ruby-activemodel31] [misc/ruby-sprockets20] [www/ruby-rack13]

Master sites:

SHA1: f65cea0682b6051869d4125f7b441a7c6f59fcbe
RMD160: 62400bb94e232e0be0bcfe1251e8fc503272c4b4
Filesize: 272 KB

Version history: (Expand)

(2013-02-24) Package deleted from pkgsrc
(2013-02-12) Updated to version: ruby193-actionpack-3.1.11
(2013-01-13) Updated to version: ruby193-actionpack-3.1.10
(2013-01-06) Updated to version: ruby193-actionpack-3.1.9
(2012-08-12) Updated to version: ruby193-actionpack-3.1.8
(2012-07-31) Updated to version: ruby193-actionpack-3.1.7

CVS history: (Expand)

2013-02-24 15:24:02 by Takahiro Kambe | Files touched by this commit (4) | Package removed

Log message:
Remove ruby-actionpack31 package which is part of Ruby on Rails 3.1.

2013-02-12 15:22:03 by Takahiro Kambe | Files touched by this commit (1)

Log message:
Update ruby-actionpack31 to 3.1.11.

## Rails 3.1.11 (unreleased)

* Fixed JSON params parsing regression for non-object JSON content.

2013-01-09 13:37:05 by Takahiro Kambe | Files touched by this commit (1)

Log message:
Update ruby-actionpack31 to 3.1.10.

## Rails 3.1.10

* Strip nils from collections on JSON and XML posts. [CVE-2013-0155]

2012-08-12 12:34:38 by Takahiro Kambe | Files touched by this commit (1)

Log message:
Update ruby-actionpack31 to 3.1.8.

## Rails 3.1.8 (Aug 9, 2012)

* There is an XSS vulnerability in the strip_tags helper in Ruby on Rails, the
  helper doesn't correctly handle malformed html.  As a result an attacker can
  execute arbitrary javascript through the use of specially crafted malformed
  html.

  *Marek from Nethemba (www.nethemba.com) & Santiago Pastorino*

* When a "prompt" value is supplied to the `select_tag` helper, the
  "prompt" value is not escaped.
  If untrusted data is not escaped, and is supplied as the prompt value,
  there is a potential for XSS attacks.
  Vulnerable code will look something like this:
    select_tag("name", options, :prompt => UNTRUSTED_INPUT)

  *Santiago Pastorino*

2012-07-31 14:38:13 by Takahiro Kambe | Files touched by this commit (1)

Log message:
Update ruby-actionpack31 to 3.1.7.

## Rails 3.1.7 (Jul 26, 2012)

* Do not convert digest auth strings to symbols. CVE-2012-3424

2012-06-14 16:54:45 by Takahiro Kambe | Files touched by this commit (2)

Log message:
Update ruby-actionpack31 to 3.1.6.

pkgsrc change: add RUBY_RAILS_STRICT_DEP which will be enabled later.

## Rails 3.1.6 (Jun 12, 2012)

*   nil is removed from array parameter values

    CVE-2012-2694

2012-06-02 03:34:21 by Takahiro Kambe | Files touched by this commit (2)

Log message:
Update ruby-actionpack31 to 3.1.5.

## Rails 3.1.5 (May 31, 2012) ##

*   Detect optional glob params when adding non-greedy regexp - closes #4817.

*   Strip null bytes from Location header

*   Return the same session data object when setting session id

*   Avoid inspecting the whole route set, closes #1525

*   Strip [nil] from parameters hash.  Thanks to Ben Murphy for reporting this!
    CVE-2012-2660

2012-03-18 06:38:57 by Takahiro Kambe | Files touched by this commit (4)

Log message:
Update ruby-actionpack31 to 3.1.4.

Tweak COMMENT.

## Rails 3.1.4 (unreleased) ##

*   Skip assets group in Gemfile and all assets configurations options
    when the application is generated with --skip-sprockets option.

    *Guillermo Iguaran*

*   Use ProcessedAsset#pathname in Sprockets helpers when debugging is on.
    Closes #3333 #3348 #3361.

    *Guillermo Iguaran*

*   Allow to use asset_path on named_routes aliasing RailsHelper's
    asset_path to path_to_asset *Adrian Pike*

*   Assets should use the request protocol by default or default to relative
    if no request is available *Jonathan del Strother*