Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
rubygem-activesupport-4_2
rubygem-activesupport-4_2.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File rubygem-activesupport-4_2.changes of Package rubygem-activesupport-4_2
------------------------------------------------------------------- Thu Jan 26 10:05:23 UTC 2023 - Valentin Lefebvre <valentin.lefebvre@suse.com> - Add patch to fix CVE-2023-22796 (bsc#1207454) CVE-2023-22796.patch ------------------------------------------------------------------- Tue Oct 25 10:28:49 UTC 2022 - pgajdos@suse.com - security update [bsc#1199060] * add xml_name_escape() https://github.com/rails/rails/commit/649516ce0feb699ae06a8c5e81df75d460cc9a85 - added patches + CVE-2022-27777.patch ------------------------------------------------------------------- Thu Sep 10 14:01:51 UTC 2020 - Johannes Grassler <johannes.grassler@suse.com> - Add CVE-2020-8165.patch (bsc#1172186, CVE-2020-8165) * Avoid Marshal.load on raw cache value in MemCacheStore ------------------------------------------------------------------- Tue Jul 7 15:42:12 UTC 2020 - Johannes Grassler <johannes.grassler@suse.com> - Add CVE-2020-8163.patch (bsc#1173144, CVE-2020-8163) * Fix potential remote code execution of user-provided local names ------------------------------------------------------------------- Mon Aug 28 17:05:05 UTC 2017 - rsalevsky@suse.com - update to version 4.2.9 (bsc#1055962) * drop CVE-2016-0753.patch and CVE-2015-7576.patch as they got merged upstream ## Rails 4.2.9 (June 26, 2017) ## * Fixed bug in `DateAndTime::Compatibility#to_time` that caused it to raise `RuntimeError: can't modify frozen Time` when called on any frozen `Time`. Properly pass through the frozen `Time` or `ActiveSupport::TimeWithZone` object when calling `#to_time`. *Kevin McPhillips* & *Andrew White* * Restore the return type of `DateTime#utc` In Rails 5.0 the return type of `DateTime#utc` was changed to `Time` to be consistent with the new `DateTime#localtime` method. When these changes were backported in #27553 this inadvertently changed the return type in a patcn release. Since `DateTime#localtime` was new in Rails 4.2.8 it's okay to restore the return type of `DateTime#utc` but keep `DateTime#localtime` as returning `Time` without breaking backwards compatibility. *Andrew White* * In Core Extensions, make `MarshalWithAutoloading#load` pass through the second, optional argument for `Marshal#load( source [, proc] )`. This way we don't have to do `Marshal.method(:load).super_method.call(sourse, proc)` just to be able to pass a proc. *Jeff Latz* * Cache `ActiveSupport::TimeWithZone#to_datetime` before freezing. *Adam Rice* * `AS::Testing::TimeHelpers#travel_to` now changes `DateTime.now` as well as `Time.now` and `Date.today`. *Yuki Nishijima* ## Rails 4.2.8 (February 21, 2017) ## * Make `getlocal` and `getutc` always return instances of `Time` for `ActiveSupport::TimeWithZone` and `DateTime`. This eliminates a possible stack level too deep error in `to_time` where `ActiveSupport::TimeWithZone` was wrapping a `DateTime` instance. As a consequence of this the internal time value in `ActiveSupport::TimeWithZone` is now always an instance of `Time` in the UTC timezone, whether that's as the UTC time directly or a representation of the local time in the timezone. There should be no consequences of this internal change and if there are it's a bug due to leaky abstractions. *Andrew White* * Add `DateTime#subsec` to return the fraction of a second as a `Rational`. *Andrew White* * Add additional aliases for `DateTime#utc` to mirror the ones on `ActiveSupport::TimeWithZone` and `Time`. *Andrew White* * Add `DateTime#localtime` to return an instance of `Time` in the system's local timezone. Also aliased to `getlocal`. *Andrew White*, *Yuichiro Kaneko* * Add `Time#sec_fraction` to return the fraction of a second as a `Rational`. *Andrew White* * Add `ActiveSupport.to_time_preserves_timezone` config option to control how `to_time` handles timezones. In Ruby 2.4+ the behavior will change from converting to the local system timezone, to preserving the timezone of the receiver. This config option defaults to false so that apps made with earlier versions of Rails are not affected when upgrading, e.g: >> ENV['TZ'] = 'US/Eastern' >> "2016-04-23T10:23:12.000Z".to_time => "2016-04-23T06:23:12.000-04:00" >> ActiveSupport.to_time_preserves_timezone = true >> "2016-04-23T10:23:12.000Z".to_time => "2016-04-23T10:23:12.000Z" Fixes #24617. *Andrew White* * Add `init_with` to `ActiveSupport::TimeWithZone` and `ActiveSupport::TimeZone` It is helpful to be able to run apps concurrently written in successive versions of Rails to aid migration, e.g. run Rails 4.2 and 5.0 variants of your application at the same time to carry out A/B testing. To do this serialization formats need to be cross compatible and the change in 3aa26cf didn't meet this criteria because the Psych loader checks for the existence of `init_with` before setting the instance variables and the wrapping behavior of `ActiveSupport::TimeWithZone` tries to see if the `Time` instance responds to `init_with` before the `@time` variable is set. To fix this we backported just the `init_with` behavior from the change in 3aa26cf. If the revived instance is then written out to YAML again it will revert to the default Rails 4.2 behavior of converting it to a UTC timestamp string. Fixes #26296. *Andrew White* * Fix `ActiveSupport::TimeWithZone#in` across DST boundaries. Previously calls to `in` were being sent to the non-DST aware method `Time#since` via `method_missing`. It is now aliased to the DST aware `ActiveSupport::TimeWithZone#since` which handles transitions across DST boundaries, e.g: Time.zone = "US/Eastern" t = Time.zone.local(2016,11,6,1) # => Sun, 06 Nov 2016 01:00:00 EDT -05:00 t.in(1.hour) # => Sun, 06 Nov 2016 01:00:00 EST -05:00 Fixes #26580. *Thomas Balthazar* ## Rails 4.2.7 (July 12, 2016) ## * Fixed `ActiveSupport::Logger.broadcast` so that calls to `#silence` now properly delegate to all loggers. Silencing now properly suppresses logging to both the log and the console. *Kevin McPhillips* * Backported `ActiveSupport::LoggerThreadSafeLevel`. Assigning the `Rails.logger.level` is now thread safe. *Kevin McPhillips* * Fixed a problem with ActiveSupport::SafeBuffer.titleize calling capitalize on nil. *Brian McManus* * Time zones: Ensure that the UTC offset reflects DST changes that occurred since the app started. Removes UTC offset caching, reducing performance, but this is still relatively quick and isn't in any hot paths. *Alexey Shein* * Prevent `Marshal.load` from looping infinitely when trying to autoload a constant which resolves to a different name. *Olek Janiszewski* ## Rails 4.2.6 (March 07, 2016) ## * No changes. ## Rails 4.2.5.2 (February 26, 2016) ## * No changes. ## Rails 4.2.5.1 (January 25, 2015) ## * No changes. ## Rails 4.2.5 (November 12, 2015) ## * Fix `TimeWithZone#eql?` to properly handle `TimeWithZone` created from `DateTime`: twz = DateTime.now.in_time_zone twz.eql?(twz.dup) => true Fixes #14178. *Roque Pinel* * Handle invalid UTF-8 characters in `MessageVerifier.verify`. *Roque Pinel*, *Grey Baker* ## Rails 4.2.4 (August 24, 2015) ## * Fix a `SystemStackError` when encoding an `Enumerable` with `json` gem and with the Active Support JSON encoder loaded. Fixes #20775. *Sammy Larbi*, *Prathamesh Sonpatki* * Fix not calling `#default` on `HashWithIndifferentAcess#to_hash` when only `default_proc` is set, which could raise. *Simon Eskildsen* * Fix setting `default_proc` on `HashWithIndifferentAccess#dup` *Simon Eskildsen* ## Rails 4.2.3 (June 25, 2015) ## * Fix a range of values for parameters of the Time#change *Nikolay Kondratyev* * Add some missing `require 'active_support/deprecation'` *Akira Matsuda* ------------------------------------------------------------------- Tue Jan 26 17:06:45 UTC 2016 - jmassaguerpla@suse.com - fix bnc#963334 - CVE-2016-0753: rubygem-activemodel, rubygem-activesupport, rubygem-activerecord: Input Validation Circumvention CVE-2016-0753.patch: contains the fix ------------------------------------------------------------------- Tue Jan 26 15:23:17 UTC 2016 - jmassaguerpla@suse.com - fix CVE-2015-7576: rubygem-actionpack, rubygem-activesupport: Timing attack vulnerability in basic authentication in Action Controller CVE-2015-7576.patch: contains the fix (bsc#963329) ------------------------------------------------------------------- Wed Jul 1 17:41:40 UTC 2015 - jmassaguerpla@suse.com - updated to version 4.2.2: * Fix XSS vulnerability in ActiveSupport::JSON.encode method. CVE-2015-3226 (bnc#934799). * Fix denial of service vulnerability in the XML processing. CVE-2015-3227 (bnc#934800). ------------------------------------------------------------------- Mon Mar 23 11:12:09 UTC 2015 - coolo@suse.com - updated to version 4.2.1 * Fixed a problem where String#truncate_words would get stuck with a complex string. *Henrik Nygren* * Fixed a roundtrip problem with AS::SafeBuffer where primitive-like strings will be dumped as primitives: Before: YAML.load ActiveSupport::SafeBuffer.new("Hello").to_yaml # => "Hello" YAML.load ActiveSupport::SafeBuffer.new("true").to_yaml # => true YAML.load ActiveSupport::SafeBuffer.new("false").to_yaml # => false YAML.load ActiveSupport::SafeBuffer.new("1").to_yaml # => 1 YAML.load ActiveSupport::SafeBuffer.new("1.1").to_yaml # => 1.1 After: YAML.load ActiveSupport::SafeBuffer.new("Hello").to_yaml # => "Hello" YAML.load ActiveSupport::SafeBuffer.new("true").to_yaml # => "true" YAML.load ActiveSupport::SafeBuffer.new("false").to_yaml # => "false" YAML.load ActiveSupport::SafeBuffer.new("1").to_yaml # => "1" YAML.load ActiveSupport::SafeBuffer.new("1.1").to_yaml # => "1.1" *Godfrey Chan* * Replace fixed `:en` with `I18n.default_locale` in `Duration#inspect`. *Dominik Masur* * Add missing time zone definitions for Russian Federation and sync them with `zone.tab` file from tzdata version 2014j (latest). *Andrey Novikov* ------------------------------------------------------------------- Mon Jan 19 21:13:16 UTC 2015 - dmueller@suse.com - update to 4.1.9: * `Method` objects now report themselves as not `duplicable?`. This allows hashes and arrays containing `Method` objects to be `deep_dup`ed. ------------------------------------------------------------------- Mon Nov 10 14:00:03 UTC 2014 - tboerger@suse.com - To get rails 4 running on SLE 11 i have switched the rb_build_versions definition to rub21 as it is activated within devel:languages:ruby. That way we can get running rails 4 on SLE 11 too. ------------------------------------------------------------------- Tue Oct 14 10:00:19 UTC 2014 - coolo@suse.com - updated to version 4.1.6 * Fix DateTime comparison with DateTime::Infinity object. * Fixed a compatibility issue with the `Oj` gem when cherry-picking the file `active_support/core_ext/object/json` without requiring `active_support/json`. Fixes #16131. * Make Dependencies pass a name to NameError error. * Fixed precision error in NumberHelper when using Rationals. before: ActiveSupport::NumberHelper.number_to_rounded Rational(1000, 3), precision: 2 #=> "330.00" after: ActiveSupport::NumberHelper.number_to_rounded Rational(1000, 3), precision: 2 #=> "333.33" See #15379. ------------------------------------------------------------------- Wed Jul 23 13:30:47 UTC 2014 - mrueckert@suse.com - - initial package
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor