Revisions of rubygem-activesupport-2_3
Stefan Lijewski (lijews)
accepted
request 155288
from
Stefan Lijewski (lijews)
(revision 3)
- update to 2.3.16 (bnc#800320) CVE-2013-0333
- fixing load error messages
- html_escape should escape single quotes
- Add an OkJson backend and remove the YAML backend
Fixes CVE-2013-0333. The ActiveSupport::JSON::Backends::Yaml
class is present but the functionality has been removed
entirely.
- obsoletes 3-0-escape_html-activesupport.patch:
upstreamed
- update to 2.3.15: (bnc#796712, bnc#797449, bnc#797452)
* Hash.from_xml raises when it encounters type="symbol" or
type="yaml". Use Hash.from_trusted_xml to parse this XML.
CVE-2013-0156 [Jeremy Kemper]
Stefan Lijewski (lijews)
accepted
request 135629
from
Stefan Lijewski (lijews)
(revision 2)
- added 3-0-escape_html-activesupport.patch: (bnc#775653)
Also encode single quote (CVE-2012-3464)
- update to version 2.3.14
- fixing utf8 escape vulerability (bnc#712060)
- Fix OrderedHash merging with block given.
- update to version 2.3.12
* Version bump
- update to version 2.3.11: (bnc#668817)
- XSS Risk in mail_to :encode=>:javascript CVE-2011-0446
- CSRF Bypass Risk CVE-2011-0447
- Filter Problems on Case Insensitive Filesystems CVE-2011-0449
- Potential SQL Injection with limit() CVE-2011-0448
- Split off doc subpackage.
- update to version 2.3.10
* i18n: bundle i18n 0.4.1 for forward compatibility with Rails 3.
Deprecates {{foo}} interpolation syntax in favor of 1.9-native
%{foo}.
* Deprecate Kernel#returning in favor of Object#tap since it's
included in Ruby 1.8.7 and later. [Santiago Pastorino]
* Deprecates ActiveSupport::Dependencies.load_(once_)paths,
renamed to autoload_(once_)paths. [fxn]
* Deprecates Array#random_element, renamed to sample to match
Ruby 1.9, thanks to Marc-Andre Lafortune. [fxn]
- update to version 2.3.9
unknown
committed
(revision 1)
Displaying all 3 revisions
