Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
Please login to access the resource
devel:languages:ruby:extensions
rubygem-actionpack-5.2
rubygem-actionpack-5.2.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File rubygem-actionpack-5.2.changes of Package rubygem-actionpack-5.2
------------------------------------------------------------------- Thu Aug 4 12:49:45 UTC 2022 - Stephan Kulow <coolo@suse.com> updated to version 5.2.8.1 see installed CHANGELOG.md ## Rails 5.2.8.1 (July 12, 2022) ## * No changes. ## Rails 5.2.8 (May 09, 2022) ## * No changes. ------------------------------------------------------------------- Thu Apr 28 05:08:18 UTC 2022 - Stephan Kulow <coolo@suse.com> updated to version 5.2.7.1 see installed CHANGELOG.md ## Rails 5.2.7.1 (April 26, 2022) ## * Allow Content Security Policy DSL to generate for API responses. *Tim Wade* ## Rails 5.2.7 (March 10, 2022) ## * No changes. ## Rails 5.2.6.3 (March 08, 2022) ## * No changes. ------------------------------------------------------------------- Tue Feb 15 07:06:29 UTC 2022 - Stephan Kulow <coolo@suse.com> updated to version 5.2.6.2 see installed CHANGELOG.md ## Rails 5.2.6.2 (February 11, 2022) ## * No changes. ## Rails 5.2.6.1 (February 11, 2022) ## * Under certain circumstances, the middleware isn't informed that the response body has been fully closed which result in request state not being fully reset before the next request [CVE-2022-23633] ------------------------------------------------------------------- Thu Jun 24 16:48:01 UTC 2021 - Stephan Kulow <coolo@suse.com> updated to version 5.2.6 see installed CHANGELOG.md ## Rails 5.2.6 (May 05, 2021) ## * Accept base64_urlsafe CSRF tokens to make forward compatible. Base64 strict-encoded CSRF tokens are not inherently websafe, which makes them difficult to deal with. For example, the common practice of sending the CSRF token to a browser in a client-readable cookie does not work properly out of the box: the value has to be url-encoded and decoded to survive transport. In this version, we generate Base64 urlsafe-encoded CSRF tokens, which are inherently safe to transport. Validation accepts both urlsafe tokens, and strict-encoded tokens for backwards compatibility. How the tokes are encoded is controllr by the `action_controller.urlsafe_csrf_tokens` config. In Rails 5.2.5, the CSRF token format was accidentally changed to urlsafe-encoded. **Atention**: If you already upgraded your application to 5.2.5, set the config `urlsafe_csrf_tokens` to `true`, otherwise your form submission will start to fail during the deploy of this new version. ```ruby Rails.application.config.action_controller.urlsafe_csrf_tokens = true ``` If you are upgrading from 5.2.4.x, you don't need to change this configuration. *Scott Blum*, *Étienne Barrié* ## Rails 5.2.5 (March 26, 2021) ## * No changes. ## Rails 5.2.4.6 (May 05, 2021) ## * Prevent regex DoS in HTTP token authentication CVE-2021-22904 * Prevent string polymorphic route arguments. `url_for` supports building polymorphic URLs via an array of arguments (usually symbols and records). If a developer passes a user input array, strings can result in unwanted route helper calls. CVE-2021-22885 *Gannon McGibbon* ## Rails 5.2.4.5 (February 10, 2021) ## * No changes. ------------------------------------------------------------------- Fri Sep 25 13:19:36 UTC 2020 - Stephan Kulow <coolo@suse.com> updated to version 5.2.4.4 see installed CHANGELOG.md ## Rails 5.2.4.4 (September 09, 2020) ## * No changes. ## Rails 5.2.4.3 (May 18, 2020) ## * [CVE-2020-8166] HMAC raw CSRF token before masking it, so it cannot be used to reconstruct a per-form token * [CVE-2020-8164] Return self when calling #each, #each_pair, and #each_value instead of the raw @parameters hash ------------------------------------------------------------------- Thu May 7 19:58:11 UTC 2020 - Stephan Kulow <coolo@suse.com> - updated to version 5.2.4.2 see installed CHANGELOG.md ------------------------------------------------------------------- Fri Dec 20 15:12:50 UTC 2019 - Marcus Rueckert <mrueckert@suse.de> - update to version 5.2.4.1 (CVE-2019-16782): https://weblog.rubyonrails.org/2019/12/18/Rails-5-2-4-1-has-been-released/ ------------------------------------------------------------------- Thu Nov 28 12:52:16 UTC 2019 - Manuel Schnitzer <mschnitzer@suse.com> - updated to version 5.2.4 * no changes ------------------------------------------------------------------- Fri Mar 29 05:49:58 UTC 2019 - Stephan Kulow <coolo@suse.com> - updated to version 5.2.3 see installed CHANGELOG.md ## Rails 5.2.3 (March 27, 2019) ## * Allow using combine the Cache Control `public` and `no-cache` headers. Before this change, even if `public` was specified for Cache Control header, it was excluded when `no-cache` was included. This fixed to keep `public` header as is. Fixes #34780. *Yuji Yaginuma* * Allow `nil` params for `ActionController::TestCase`. *Ryo Nakamura* ------------------------------------------------------------------- Thu Mar 14 03:44:21 UTC 2019 - Marcus Rueckert <mrueckert@suse.de> - update to version 5.2.2.1: https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/ CVE-2019-5418 CVE-2019-5419 CVE-2019-5420 ------------------------------------------------------------------- Sat Jan 19 19:50:56 UTC 2019 - Marcus Rueckert <mrueckert@suse.de> - rb_build_ruby_abi needs to be rb_build_ruby_abis ------------------------------------------------------------------- Fri Jan 18 16:24:32 UTC 2019 - Marcus Rueckert <mrueckert@suse.de> - limit to ruby 2.5 and above for 42.3/sle12 ------------------------------------------------------------------- Sat Dec 8 16:12:29 UTC 2018 - Stephan Kulow <coolo@suse.com> - updated to version 5.2.2 see installed CHANGELOG.md ## Rails 5.2.2 (December 04, 2018) ## * Reset Capybara sessions if failed system test screenshot raising an exception. Reset Capybara sessions if `take_failed_screenshot` raise exception in system test `after_teardown`. *Maxim Perepelitsa* * Use request object for context if there's no controller There is no controller instance when using a redirect route or a mounted rack application so pass the request object as the context when resolving dynamic CSP sources in this scenario. Fixes #34200. *Andrew White* * Apply mapping to symbols returned from dynamic CSP sources Previously if a dynamic source returned a symbol such as :self it would be converted to a string implicity, e.g: policy.default_src -> { :self } would generate the header: Content-Security-Policy: default-src self and now it generates: Content-Security-Policy: default-src 'self' *Andrew White* * Fix `rails routes -c` for controller name consists of multiple word. *Yoshiyuki Kinjo* * Call the `#redirect_to` block in controller context. *Steven Peckins* ------------------------------------------------------------------- Mon Dec 3 06:18:31 UTC 2018 - mschnitzer@suse.com - updated to version 5.2.1.1 (boo#1118076) * No changes / Just a version bump to match with Rails 5.2.1.1 ------------------------------------------------------------------- Wed Aug 8 14:44:15 UTC 2018 - mschnitzer@suse.com - updated to version 5.2.1 (boo#1104209) * Prevent `?null=` being passed on JSON encoded test requests. `RequestEncoder#encode_params` won't attempt to parse params if there are none. So call like this will no longer append a `?null=` query param. get foos_url, as: :json (Alireza Bashiri) * Ensure `ActionController::Parameters#transform_values` and `ActionController::Parameters#transform_values!` converts hashes into parameters. (Kevin Sjöberg) * Fix strong parameters `permit!` with nested arrays. Given: ``` params = ActionController::Parameters.new(nested_arrays: [[{ x: 2, y: 3 }, { x: 21, y: 42 }]]) params.permit! ``` `params[:nested_arrays][0][0].permitted?` will now return `true` instead of `false`. (Steve Hull) * Reset `RAW_POST_DATA` and `CONTENT_LENGTH` request environment between test requests in `ActionController::TestCase` subclasses. (Eugene Kenny) * Output only one Content-Security-Policy nonce header value per request. Fixes #32597. (Andrey Novikov, Andrew White) * Only disable GPUs for headless Chrome on Windows. It is not necessary anymore for Linux and macOS machines. https://bugs.chromium.org/p/chromium/issues/detail?id=737678#c1 (Stefan Wrobel) * Fix system tests transactions not closed between examples. (Sergey Tarasov) ------------------------------------------------------------------- Mon Apr 16 12:05:02 UTC 2018 - mschnitzer@suse.com - initialize package see changelog: https://github.com/rails/rails/blob/v5.2.0/actionpack/CHANGELOG.md
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor