SUSE:SLE-15-SP2:GA
File rubygem-actionpack-5_1.changes of Package rubygem-actionpack-5_1
-------------------------------------------------------------------
Wed Oct 30 14:07:44 UTC 2024 - pgajdos@suse.com

- security update
- added patches
  fix CVE-2024-47887 [bsc#1231729], Possible ReDoS vulnerability in HTTP Token authentication in Action Controller
  + 0010-CVE-2024-47887.patch
  fix CVE-2024-42228 [bsc#1228667], Using uninitialized value *size when calling amdgpu_vce_cs_reloc
  + 0011-CVE-2024-42228.patch

-------------------------------------------------------------------
Wed Jan 10 13:26:14 UTC 2024 - Valentin Lefebvre <valentin.lefebvre@suse.com>

- modified patches
  + 0009-CVE-2020-8166.patch (fixed)
  - rubygem-actionpack-5_1-CVE-2020-8166.patch (renamed)

-------------------------------------------------------------------
Mon Oct 9 11:34:52 UTC 2023 - pgajdos@suse.com

- security update
  * fix CVE-2020-8166 patch port [bsc#1215707]

-------------------------------------------------------------------
Thu Sep 21 11:17:08 UTC 2023 - pgajdos@suse.com

- security update
- added patches
  fix CVE-2020-8166 [bsc#1172182], Ability to forge per-form CSRF tokens given a global CSRF token
  + rubygem-actionpack-5_1-CVE-2020-8166.patch

-------------------------------------------------------------------
Tue Jul 18 13:01:41 UTC 2023 - pgajdos@suse.com

- security update
- added patches
  fix CVE-2023-28362 [bsc#1213312], Possible XSS via User Supplied Values to redirect_to
  + 0008-CVE-2023-28362.patch

-------------------------------------------------------------------
Fri Jan 27 10:08:37 UTC 2023 - Valentin Lefebvre <valentin.lefebvre@suse.com>

- Add patch to fix CVE-2023-22795 (bsc#1207451)
  0007-CVE-2023-22795.patch

-------------------------------------------------------------------
Thu Jan 26 17:23:42 UTC 2023 - Valentin Lefebvre <valentin.lefebvre@suse.com>

- Add patch to fix CVE-2023-22792 (bsc#1207455)
  0006-CVE-2023-22792.patch

-------------------------------------------------------------------
Thu Jun 2 12:57:41 UTC 2022 - Manuel Schnitzer <mschnitzer@suse.com>

- Added patch 0005-CVE-2021-22904.patch to fix CVE-2021-22904 (bsc#1185780)

-------------------------------------------------------------------
Wed Jun 1 16:39:21 UTC 2022 - Manuel Schnitzer <mschnitzer@suse.com>

- Added patch 0004-CVE-2022-23633.patch to fix CVE-2022-23633 (bsc#1196182)

-------------------------------------------------------------------
Mon May 10 11:01:41 UTC 2021 - Jacek Tomasiak <jtomasiak@suse.com>

- Added patch 0003-CVE-2021-22885.patch (CVE-2021-22885, bsc#1185715)

-------------------------------------------------------------------
Fri Jul 31 11:10:30 UTC 2020 - Manuel Schnitzer <mschnitzer@suse.com>

- CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack.
  There is a strong parameters bypass vector in ActionPack. (bsc#1172177)
- Added patch 0002-CVE-2020-8164.patch
- Renamed patch CVE-2019-5418_and_CVE-2019-5419.patch to 0001-CVE-2019-5418_and_CVE-2019-5419.patch

-------------------------------------------------------------------
Mon Mar 18 12:46:31 UTC 2019 - Lukas Krause <lukas.krause@suse.com>

- Add CVE-2019-5418_and_CVE-2019-5419.patch (CVE-2019-5418, CVE-2019-5419, bsc#1129272, bsc#1129271)
  * CVE-2019-5418: There is a possible file content disclosure vulnerability in Action View. Specially crafted accept headers in combination with calls to `render file:` can cause arbitrary files on the target server to be rendered, disclosing the file contents.
  * CVE-2019-5419: Specially crafted accept headers can cause the Action View template location code to consume 100% CPU, causing the server unable to process requests. This impacts all Rails applications that render views.
- Add series file for better patch handling with quilt

-------------------------------------------------------------------
Fri Sep 8 13:37:12 UTC 2017 - enavarro@suse.com

- Update to version 5.1.4
  see installed CHANGELOG.md

-------------------------------------------------------------------
Wed Aug 9 07:52:57 UTC 2017 - cbruckmayer@suse.com

- Update to version 5.1.3

-------------------------------------------------------------------
Sat Jun 24 06:15:03 UTC 2017 - adrian@suse.de

- update to version 5.1.1

-------------------------------------------------------------------
Mon Dec 5 15:35:14 UTC 2016 - cbruckmayer@suse.com

- Add patch for fixing content type is nil
  Already merged into upstream and will be included in the next rails version 5.0.0.2
  https://github.com/rails/rails/pull/25950

-------------------------------------------------------------------
Fri Aug 12 04:30:28 UTC 2016 - coolo@suse.com

- updated to version 5.0.0.1
  see installed CHANGELOG.md

-------------------------------------------------------------------
Mon Jul 4 09:08:07 UTC 2016 - coolo@suse.com

- updated to rails 5.0 - see http://weblog.rubyonrails.org/2016/6/30/Rails-5-0-final/

-------------------------------------------------------------------
Tue Mar 8 05:29:36 UTC 2016 - coolo@suse.com

- updated to version 4.2.6
  see installed CHANGELOG.md

  ## Rails 4.2.6 (March 07, 2016) ##

  * No changes.

-------------------------------------------------------------------
Tue Mar 1 05:30:50 UTC 2016 - coolo@suse.com

- updated to version 4.2.5.2
  see installed CHANGELOG.md

  ## Rails 4.2.5.2 (February 26, 2016) ##

  * Do not allow render with unpermitted parameter.

    Fixes CVE-2016-2098.

    *Arthur Neves*

  ## Rails 4.2.5.1 (January 25, 2015) ##

  * No changes.

-------------------------------------------------------------------
Tue Jan 26 05:29:36 UTC 2016 - coolo@suse.com

- updated to version 4.2.5.1
  see installed CHANGELOG.md

-------------------------------------------------------------------
Fri Nov 13 05:29:06 UTC 2015 - coolo@suse.com

- updated to version 4.2.5
  see installed CHANGELOG.md

  ## Rails 4.2.5 (November 12, 2015) ##

  * `ActionController::TestCase` can teardown gracefully if an error is raised early in the `setup` chain.

    *Yves Senn*

  * Parse RSS/ATOM responses as XML, not HTML.

    *Alexander Kaupanin*

  * Fix regression in mounted engine named routes generation for app deployed to a subdirectory. `relative_url_root` was prepended to the path twice (e.g. "/subdir/subdir/engine_path" instead of "/subdir/engine_path")

    Fixes #20920. Fixes #21459.

    *Matthew Erhard*

  * `url_for` does not modify its arguments when generating polymorphic URLs.

    *Bernerd Schaefer*

  * Update `ActionController::TestSession#fetch` to behave more like `ActionDispatch::Request::Session#fetch` when using non-string keys.

    *Jeremy Friesen*

-------------------------------------------------------------------
Tue Aug 25 04:29:18 UTC 2015 - coolo@suse.com

- updated to version 4.2.4
  see installed CHANGELOG.md

  ## Rails 4.2.4 (August 24, 2015) ##

  * ActionController::TestSession now accepts a default value as well as a block for generating a default value based off the key provided.

    This fixes calls to session#fetch in ApplicationController instances that take more two arguments or a block from raising `ArgumentError: wrong number of arguments (2 for 1)` when performing controller tests.

    *Matthew Gerrior*

  * Fix to keep original header instance in `ActionDispatch::SSL`

    `ActionDispatch::SSL` changes headers to `Hash`. So some headers will be broken if there are some middlewares on `ActionDispatch::SSL` and if it uses `Rack::Utils::HeaderHash`.

    *Fumiaki Matsushima*

-------------------------------------------------------------------
Fri Jun 26 04:29:34 UTC 2015 - coolo@suse.com

- updated to version 4.2.3
  see installed CHANGELOG.md

  ## Rails 4.2.3 (June 25, 2015) ##

  * Fix rake routes not showing the right format when nesting multiple routes.

    See #18373.

    *Ravil Bayramgalin*

  * Fix regression where a gzip file response would have a Content-type, even when it was a 304 status code.

    See #19271.

    *Kohei Suzuki*

  * Fix handling of empty X_FORWARDED_HOST header in raw_host_with_port

    Previously, an empty X_FORWARDED_HOST header would cause Actiondispatch::Http:URL.raw_host_with_port to return nil, causing Actiondispatch::Http:URL.host to raise a NoMethodError.

    *Adam Forsyth*

  * Fallback to `ENV['RAILS_RELATIVE_URL_ROOT']` in `url_for`.

    Fixed an issue where the `RAILS_RELATIVE_URL_ROOT` environment variable is not prepended to the path when `url_for` is called. If `SCRIPT_NAME` (used by Rack) is set, it takes precedence.

    Fixes #5122.

    *Yasyf Mohamedali*

  * Fix regression in functional tests. Responses should have default headers assigned.

    See #18423.

    *Jeremy Kemper*, *Yves Senn*

-------------------------------------------------------------------
Wed Jun 17 04:30:01 UTC 2015 - coolo@suse.com

- updated to version 4.2.2
  see installed CHANGELOG.md

  ## Rails 4.2.2 (June 16, 2015) ##

  * No Changes *

-------------------------------------------------------------------
Sun Mar 22 09:07:28 UTC 2015 - coolo@suse.com

- updated to version 4.2.1, see CHANGELOG.md

-------------------------------------------------------------------
Wed Jan 28 12:29:23 UTC 2015 - adrian@suse.de

- update to 4.2.0

-------------------------------------------------------------------
Mon Jan 19 21:09:53 UTC 2015 - dmueller@suse.com

- update to 4.1.9:
  * Fixed handling of positional url helper arguments when `format: false`.
  * Restore handling of a bare `Authorization` header, without `token=` prefix.
  * Fix regression where path was getting overwritten when route anchor was false, and X-Cascade pass
  * Fix a bug where malformed query strings lead to 500.
  * Fix arbitrary file existence disclosure in Action Pack (CVE-2014-7829)
  * Fix arbitrary file existence disclosure in Action Pack (CVE-2014-7818)

-------------------------------------------------------------------
Mon Nov 10 14:00:03 UTC 2014 - tboerger@suse.com

- To get rails 4 running on SLE 11 i have switched the rb_build_versions definition to rub21 as it is activated within devel:languages:ruby. That way we can get running rails 4 on SLE 11 too.

-------------------------------------------------------------------
Sun Oct 12 16:20:05 UTC 2014 - coolo@suse.com

- updated to version 4.1.6
  * Prepend a JS comment to JSONP callbacks. Addresses CVE-2014-4671 ("Rosetta Flash")
  * Because URI paths may contain non US-ASCII characters we need to force the encoding of any unescaped URIs to UTF-8 if they are US-ASCII. This essentially replicates the functionality of the monkey patch to URI.parser.unescape in active_support/core_ext/uri.rb. Fixes #16104.
  * Generate shallow paths for all children of shallow resources. Fixes #15783.
  * JSONP responses are now rendered with the `text/javascript` content type when rendering through a `respond_to` block. Fixes #15081.
  * Fix env['PATH_INFO'] missing leading slash when a rack app mounted at '/'. Fixes #15511.
  * ActionController::Parameters#require now accepts `false` values. Fixes #15685.

-------------------------------------------------------------------
Wed Jul 23 13:26:43 UTC 2014 - mrueckert@suse.com

- - initial package