Revisions of rubygem-activesupport-2_3
Stefan Lijewski (lijews) accepted request 155288 from Stefan Lijewski (lijews) (revision 3)
- update to 2.3.16 (bnc#800320) CVE-2013-0333
- fixing load error messages
- html_escape should escape single quotes
- Add an OkJson backend and remove the YAML backend
  Fixes CVE-2013-0333. The ActiveSupport::JSON::Backends::Yaml class is present but the functionality has been removed entirely.
- obsoletes 3-0-escape_html-activesupport.patch: upstreamed
- update to 2.3.15: (bnc#796712, bnc#797449, bnc#797452)
  * Hash.from_xml raises when it encounters type="symbol" or type="yaml". Use Hash.from_trusted_xml to parse this XML. CVE-2013-0156 [Jeremy Kemper]
Stefan Lijewski (lijews) accepted request 135629 from Stefan Lijewski (lijews) (revision 2)
- added 3-0-escape_html-activesupport.patch: (bnc#775653) Also encode single quote (CVE-2012-3464)
- update to version 2.3.14
- fixing utf8 escape vulnerability (bnc#712060)
- Fix OrderedHash merging with block given.
- update to version 2.3.12
  * Version bump
- update to version 2.3.11: (bnc#668817)
- XSS Risk in mail_to :encode=>:javascript CVE-2011-0446
- CSRF Bypass Risk CVE-2011-0447
- Filter Problems on Case Insensitive Filesystems CVE-2011-0449
- Potential SQL Injection with limit() CVE-2011-0448
- Split off doc subpackage.
- update to version 2.3.10
  * i18n: bundle i18n 0.4.1 for forward compatibility with Rails 3. Deprecates {{foo}} interpolation syntax in favor of 1.9-native %{foo}.
  * Deprecate Kernel#returning in favor of Object#tap since it's included in Ruby 1.8.7 and later. [Santiago Pastorino]
  * Deprecates ActiveSupport::Dependencies.load_(once_)paths, renamed to autoload_(once_)paths. [fxn]
  * Deprecates Array#random_element, renamed to sample to match Ruby 1.9, thanks to Marc-Andre Lafortune. [fxn]
- update to version 2.3.9
unknown committed (revision 1)
Displaying all 3 revisions