File rubygem-actionpack-5.2.changes of Package rubygem-actionpack-5.2

Overview Repositories Revisions Requests Users Attributes Meta

File rubygem-actionpack-5.2.changes of Package rubygem-actionpack-5.2

-------------------------------------------------------------------
Thu Aug  4 12:49:45 UTC 2022 - Stephan Kulow <coolo@suse.com>

updated to version 5.2.8.1
 see installed CHANGELOG.md

## Rails 5.2.8.1 (July 12, 2022) ##
  
  *   No changes.
  
  
  ## Rails 5.2.8 (May 09, 2022) ##
  
  *   No changes.

-------------------------------------------------------------------
Thu Apr 28 05:08:18 UTC 2022 - Stephan Kulow <coolo@suse.com>

updated to version 5.2.7.1
 see installed CHANGELOG.md

## Rails 5.2.7.1 (April 26, 2022) ##
  
  *   Allow Content Security Policy DSL to generate for API responses.
  
      *Tim Wade*
  
  ## Rails 5.2.7 (March 10, 2022) ##
  
  *   No changes.
  
  ## Rails 5.2.6.3 (March 08, 2022) ##
  
  *   No changes.

-------------------------------------------------------------------
Tue Feb 15 07:06:29 UTC 2022 - Stephan Kulow <coolo@suse.com>

updated to version 5.2.6.2
 see installed CHANGELOG.md

## Rails 5.2.6.2 (February 11, 2022) ##
  
  *   No changes.
  
  
  ## Rails 5.2.6.1 (February 11, 2022) ##
  
  *   Under certain circumstances, the middleware isn't informed that the
      response body has been fully closed which result in request state not
      being fully reset before the next request
  
      [CVE-2022-23633]

-------------------------------------------------------------------
Thu Jun 24 16:48:01 UTC 2021 - Stephan Kulow <coolo@suse.com>

updated to version 5.2.6
 see installed CHANGELOG.md

## Rails 5.2.6 (May 05, 2021) ##
  
  *   Accept base64_urlsafe CSRF tokens to make forward compatible.
  
      Base64 strict-encoded CSRF tokens are not inherently websafe, which makes
      them difficult to deal with. For example, the common practice of sending
      the CSRF token to a browser in a client-readable cookie does not work properly
      out of the box: the value has to be url-encoded and decoded to survive transport.
  
      In this version, we generate Base64 urlsafe-encoded CSRF tokens, which are inherently
      safe to transport. Validation accepts both urlsafe tokens, and strict-encoded
      tokens for backwards compatibility.
  
      How the tokes are encoded is controllr by the `action_controller.urlsafe_csrf_tokens`
      config.
  
      In Rails 5.2.5, the CSRF token format was accidentally changed to urlsafe-encoded.
  
      **Atention**: If you already upgraded your application to 5.2.5, set the config
      `urlsafe_csrf_tokens` to `true`, otherwise your form submission will start to fail
      during the deploy of this new version.
  
      ```ruby
      Rails.application.config.action_controller.urlsafe_csrf_tokens = true
      ```
  
      If you are upgrading from 5.2.4.x, you don't need to change this configuration.
  
      *Scott Blum*, *Étienne Barrié*
  
  
  ## Rails 5.2.5 (March 26, 2021) ##
  
  *   No changes.
  
  
  ## Rails 5.2.4.6 (May 05, 2021) ##
  
  *   Prevent regex DoS in HTTP token authentication
      CVE-2021-22904
  
  *   Prevent string polymorphic route arguments.
  
      `url_for` supports building polymorphic URLs via an array
      of arguments (usually symbols and records). If a developer passes a
      user input array, strings can result in unwanted route helper calls.
  
      CVE-2021-22885
  
      *Gannon McGibbon*
  
  ## Rails 5.2.4.5 (February 10, 2021) ##
  
  *   No changes.

-------------------------------------------------------------------
Fri Sep 25 13:19:36 UTC 2020 - Stephan Kulow <coolo@suse.com>

updated to version 5.2.4.4
 see installed CHANGELOG.md

## Rails 5.2.4.4 (September 09, 2020) ##
  
  *   No changes.
  
  
  ## Rails 5.2.4.3 (May 18, 2020) ##
  
  *   [CVE-2020-8166] HMAC raw CSRF token before masking it, so it cannot be used to reconstruct a per-form token
  
  *   [CVE-2020-8164] Return self when calling #each, #each_pair, and #each_value instead of the raw @parameters hash

-------------------------------------------------------------------
Thu May  7 19:58:11 UTC 2020 - Stephan Kulow <coolo@suse.com>

- updated to version 5.2.4.2
 see installed CHANGELOG.md

-------------------------------------------------------------------
Fri Dec 20 15:12:50 UTC 2019 - Marcus Rueckert <mrueckert@suse.de>

- update to version 5.2.4.1 (CVE-2019-16782):
  https://weblog.rubyonrails.org/2019/12/18/Rails-5-2-4-1-has-been-released/

-------------------------------------------------------------------
Thu Nov 28 12:52:16 UTC 2019 - Manuel Schnitzer <mschnitzer@suse.com>

- updated to version 5.2.4

* no changes

-------------------------------------------------------------------
Fri Mar 29 05:49:58 UTC 2019 - Stephan Kulow <coolo@suse.com>

- updated to version 5.2.3
 see installed CHANGELOG.md

## Rails 5.2.3 (March 27, 2019) ##
  
  *   Allow using combine the Cache Control `public` and `no-cache` headers.
  
      Before this change, even if `public` was specified for Cache Control header,
      it was excluded when `no-cache` was included. This fixed to keep `public`
      header as is.
  
      Fixes #34780.
  
      *Yuji Yaginuma*
  
  *   Allow `nil` params for `ActionController::TestCase`.
  
      *Ryo Nakamura*

-------------------------------------------------------------------
Thu Mar 14 03:44:21 UTC 2019 - Marcus Rueckert <mrueckert@suse.de>

- update to version 5.2.2.1:
  https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
  CVE-2019-5418 CVE-2019-5419 CVE-2019-5420

-------------------------------------------------------------------
Sat Jan 19 19:50:56 UTC 2019 - Marcus Rueckert <mrueckert@suse.de>

- rb_build_ruby_abi needs to be rb_build_ruby_abis

-------------------------------------------------------------------
Fri Jan 18 16:24:32 UTC 2019 - Marcus Rueckert <mrueckert@suse.de>

- limit to ruby 2.5 and above for 42.3/sle12

-------------------------------------------------------------------
Sat Dec  8 16:12:29 UTC 2018 - Stephan Kulow <coolo@suse.com>

- updated to version 5.2.2
 see installed CHANGELOG.md

## Rails 5.2.2 (December 04, 2018) ##
  
  *   Reset Capybara sessions if failed system test screenshot raising an exception.
  
      Reset Capybara sessions if `take_failed_screenshot` raise exception
      in system test `after_teardown`.
  
      *Maxim Perepelitsa*
  
  *   Use request object for context if there's no controller
  
      There is no controller instance when using a redirect route or a
      mounted rack application so pass the request object as the context
      when resolving dynamic CSP sources in this scenario.
  
      Fixes #34200.
  
      *Andrew White*
  
  *   Apply mapping to symbols returned from dynamic CSP sources
  
      Previously if a dynamic source returned a symbol such as :self it
      would be converted to a string implicity, e.g:
  
          policy.default_src -> { :self }
  
      would generate the header:
  
          Content-Security-Policy: default-src self
  
      and now it generates:
  
          Content-Security-Policy: default-src 'self'
  
      *Andrew White*
  
  *   Fix `rails routes -c` for controller name consists of multiple word.
  
      *Yoshiyuki Kinjo*
  
  *   Call the `#redirect_to` block in controller context.
  
      *Steven Peckins*

-------------------------------------------------------------------
Mon Dec  3 06:18:31 UTC 2018 - mschnitzer@suse.com

- updated to version 5.2.1.1 (boo#1118076)

* No changes / Just a version bump to match with Rails 5.2.1.1

-------------------------------------------------------------------
Wed Aug  8 14:44:15 UTC 2018 - mschnitzer@suse.com

- updated to version 5.2.1 (boo#1104209)

* Prevent `?null=` being passed on JSON encoded test requests.

`RequestEncoder#encode_params` won't attempt to parse params if
    there are none.

So call like this will no longer append a `?null=` query param.

get foos_url, as: :json

(Alireza Bashiri)
  * Ensure `ActionController::Parameters#transform_values` and
    `ActionController::Parameters#transform_values!` converts hashes into
    parameters.
    (Kevin Sjöberg)
  * Fix strong parameters `permit!` with nested arrays.

Given:
    ```
    params = ActionController::Parameters.new(nested_arrays: [[{ x: 2, y: 3 }, { x: 21, y: 42 }]])
    params.permit!
    ```

`params[:nested_arrays][0][0].permitted?` will now return `true` instead of `false`.
    (Steve Hull)
  * Reset `RAW_POST_DATA` and `CONTENT_LENGTH` request environment between test requests in
    `ActionController::TestCase` subclasses.
    (Eugene Kenny)
  * Output only one Content-Security-Policy nonce header value per request.
    Fixes #32597.
    (Andrey Novikov, Andrew White)
  * Only disable GPUs for headless Chrome on Windows.
    It is not necessary anymore for Linux and macOS machines.
    https://bugs.chromium.org/p/chromium/issues/detail?id=737678#c1
    (Stefan Wrobel)
  * Fix system tests transactions not closed between examples.
    (Sergey Tarasov)

-------------------------------------------------------------------
Mon Apr 16 12:05:02 UTC 2018 - mschnitzer@suse.com

- initialize package
  
  see changelog: https://github.com/rails/rails/blob/v5.2.0/actionpack/CHANGELOG.md

Places

File rubygem-actionpack-5.2.changes of Package rubygem-actionpack-5.2

Places