Search
j0ke.net Open Build Service
>
Projects
>
J0KE.NET
:
infrastructure
>
rubygem-actionpack-2_1
> rubygem-actionpack-2_1.changes
Sign Up
|
Log In
Username
Password
Cancel
Overview
Repositories
Revisions
Requests
Users
Advanced
Attributes
Meta
File rubygem-actionpack-2_1.changes of Package rubygem-actionpack-2_1 (Revision 3)
Currently displaying revision
3
,
show latest
------------------------------------------------------------------- Fri Nov 28 19:32:07 CET 2008 - mrueckert@suse.de - update to version 2.1.2 * Sanitize the URLs passed to redirect_to to prevent a potential response splitting attack [koz] * Fixed FormTagHelper#submit_tag with :disable_with option wouldn't submit the button's value when was clicked #633 [Jose Fernandez] ------------------------------------------------------------------- Fri Sep 12 18:05:48 CEST 2008 - mrueckert@suse.de - update to version 2.1.1 * All 2xx requests are considered successful [Josh Peek] * Deprecate the limited follow_redirect in functional tests. If you wish to follow redirects, use integration tests. [Michael Koziarski] * Fixed that AssetTagHelper#compute_public_path shouldn't cache the asset_host along with the source or per-request proc's won't run [DHH] * Deprecate define_javascript_functions, javascript_include_tag and friends are much better [Michael Koziarski] * Fix polymorphic_url with singleton resources. #461 [Tammer Saleh] * Deprecate ActionView::Base.erb_variable. Use the concat helper method instead of appending to it directly. [Jeremy Kemper] * Fixed Request#remote_ip to only raise hell if the HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR doesn't match (not just if they're both present) [Mark Imbriaco, Bradford Folkens] ------------------------------------------------------------------- Wed Jun 4 02:54:09 CEST 2008 - mrueckert@suse.de - update to version 2.1.0: - revamped cache handling - many bugfixes for all changes see see /usr/lib*/ruby/gems/1.8/gems/actionpack-2.1.0/CHANGELOG - branched package from the 2.0 package ------------------------------------------------------------------- Wed Feb 20 23:17:54 CET 2008 - mrueckert@suse.de - do not obsolete the old name as it leads to trouble on upgrade. this will handled by the wrapper package. ------------------------------------------------------------------- Wed Feb 20 23:17:54 CET 2008 - mrueckert@suse.de - do not obsolete the old name as it leads to trouble on upgrade. this will handled by the wrapper package. ------------------------------------------------------------------- Thu Jan 17 15:43:46 CET 2008 - mrueckert@suse.de - update to version 1.13.6 * Correct Broken Fix for session_fixation attacks * Ensure that cookies handle array values correctly. Closes #9937 [queso] - branch new packge rubygem-actionpack-1_13 to allow parallel installation of multiple major branches - removed rubygem-actionpack-1.13.x_session_fixation_attack.patch included in update ------------------------------------------------------------------- Fri Nov 23 00:33:20 CET 2007 - mrueckert@suse.de - updated rubygem-actionpack-1.13.x_session_fixation_attack.patch new name rubygem-actionpack-1.13.x_session_fixation_attack_v2.patch: The original upstream patch only worked for the first request. Do not delete the cookie_only option from the session options. (#332441) (CVE-2007-6077) ------------------------------------------------------------------- Wed Oct 17 16:48:01 CEST 2007 - mrueckert@suse.de - added rubygem-actionpack-1.13.x_session_fixation_attack.patch: Reject session informations from the query string (#332441) (CVE-2007-5380) ------------------------------------------------------------------- Wed Oct 17 17:52:39 CEST 2007 - mrueckert@suse.de - update to version 1.13.5 * Backport: allow array and hash query parameters. Array route parameters are converted/to/a/path as before. #6765, #7047, #7462 [bgipsy, Jeremy McAnally, Dan Kubb, brendan, Diego Algorta Casamayou] * Fix in place editor's setter action with non-string fields. #7418 [Andreas] - additional changes from version 1.13.4 * Only accept session ids from cookies, prevents session fixation attacks. [bradediger] (CVE-2007-5380) (bnc #332441) * Change the resource seperator from ; to / change the generated routes to use the new-style named routes. e.g. new_group_user_path(@group) instead of group_new_user_path(@group). [pixeltrix] * Integration tests: introduce methods for other HTTP methods. #6353 [caboose] * Improve performance of action caching. Closes #8231 [skaes] * Fix errors with around_filters which do not yield, restore 1.1 behaviour with after filters. Closes #8891 [skaes] After filters will *no longer* be run if an around_filter fails to yield, users relying on this behaviour are advised to put the code in question after a yield statement in an around filter. * Allow you to delete cookies with options. Closes #3685 [josh, Chris Wanstrath] * Deprecate pagination. Install the classic_pagination plugin for forward compatibility, or move to the superior will_paginate plugin. #8157 [Mislav Marohnic] * Fix filtered parameter logging with nil parameter values. #8422 [choonkeat] * Integration tests: alias xhr to xml_http_request and add a request_method argument instead of always using POST. #7124 [Nik Wakelin, Francois Beausoleil, Wizard] * Document caches_action. #5419 [Jarkko Laine] * observe_form always sends the serialized form. #5271 [manfred, normelton@gmail.com] * Update UrlWriter to accept :anchor parameter. Closes #6771. [octopod] * Replace the current block/continuation filter chain handling by an implementation based on a simple loop. Closes #8226 [Stefan Kaes] * Return the string representation from an Xml Builder when rendering a partial. #5044 [tpope] * Cleaned up, corrected, and mildly expanded ActionPack documentation. Closes #7190 [jeremymcanally] * Small collection of ActionController documentation cleanups. Closes #7319 [jeremymcanally] * Performance: patch cgi/session/pstore to require digest/md5 once rather than per #initialize. #7583 [Stefan Kaes] * Deprecation: verification with :redirect_to => :named_route shouldn't be deprecated. #7525 [Justin French] ------------------------------------------------------------------- Mon May 14 16:32:28 CEST 2007 - mrueckert@suse.de - update to version 1.13.3: * Fix a bug in Routing where a parameter taken from the path of the current request could not be used as a query parameter for the next. #6752 [Nicholas Seckar] * session_enabled? works with session :off. #6680 [Catfish] * Performance: patch cgi/session to require digest/md5 once rather than per #create_new_id. [Stefan Kaes] - additional changes from 1.13.2: * Add much-needed html-scanner tests. Fixed CDATA parsing bug. [Rick] * improve error message for Routing for named routes. [Rob Sanheim] * Added enhanced docs to routing assertions. [Rob Sanheim] * fix form_for example in ActionController::Resources documentation. [gnarg] * Add singleton resources from trunk [Rick Olson] * select :multiple => true suffixes the attribute name with [] unless already suffixed. #6977 [nik.kakelin, ben, julik] * Improve routes documentation. #7095 [zackchandler] * Resource member routes require :id, eliminating the ambiguous overlap with collection routes. #7229 [dkubb] * Fixed NumberHelper#number_with_delimiter to use "." always for splitting the original number, not the delimiter parameter #7389 [ceefour] * Autolinking recognizes trailing and embedded . , : ; #7354 [Jarkko Laine] * Make TextHelper::auto_link recognize URLs with colons in path correctly, fixes #7268. [imajes] * Improved auto_link to match more valid urls correctly [Tobias Luetke] ------------------------------------------------------------------- Wed Jan 24 00:57:59 CET 2007 - mrueckert@suse.de - update to version 1.13.1: update for rails 1.2.1. Too many changes to mention them here. see /usr/lib*/ruby/gems/1.8/gems/actionpack-1.13.1/CHANGELOG ------------------------------------------------------------------- Fri Aug 11 02:33:25 CEST 2006 - mrueckert@suse.de - update to version 1.12.5: * update for the previous security fix ------------------------------------------------------------------- Thu Aug 10 12:40:16 CEST 2006 - mrueckert@suse.de - update to version 1.12.4: * Documentation fix: integration test scripts don't require integration_test. (rails:#4914) [Frederick Ros <sl33p3r@free.fr>] * ActionController::Base Summary documentation rewrite. (rails:#4900) [kevin.clark@gmail.com] * Fix text_helper.rb documentation rendering. (rails:#4725) [Frederick Ros] * Fixes bad rendering of JavaScriptMacrosHelper rdoc. (rails:#4910) [Frederick Ros] * Enhance documentation for setting headers in integration tests. Skip auto HTTP prepending when its already there. (rails:#4079) [Rick Olson] * Documentation for AbstractRequest. (rails:#4895) [kevin.clark@gmail.com] * Remove all remaining references to @params in the documentation. [Marcel Molina Jr.] * Add documentation for redirect_to :back's RedirectBackError exception. [Marcel Molina Jr.] * Update layout and content_for documentation to use yield rather than magic @content_for instance variables. [Marcel Molina Jr.] * Cache CgiRequest#request_parameters so that multiple calls don't re-parse multipart data. [Rick] * Fixed that remote_form_for can leave out the object parameter and default to the instance variable of the object_name, just like form_for [DHH] * Added ActionController.filter_parameter_logging that makes it easy to remove passwords, credit card numbers, and other sensitive information from being logged when a request is handled. (rails:#1897) [jeremye@bsa.ca.gov] * Fixed that real files and symlinks should be treated the same when compiling templates. (rails:#5438) [zachary@panandscan.com] * Add :status option to send_data and send_file. Defaults to '200 OK'. (rails:#5243) [Manfred Stienstra <m.stienstra@fngtps.com>] * Update documentation for erb trim syntax. (rails:#5651) [matt@mattmargolis.net] * Short documentation to mention use of Mime::Type.register. (rails:#5710) [choonkeat@gmail.com] ------------------------------------------------------------------- Sat Jul 1 04:21:38 CEST 2006 - mrueckert@suse.de - update to version 1.12.3: * Fix broken traverse_to_controller. We now: Look for a _controller.rb file under RAILS_ROOT to load. If we find it, we require_dependency it and return the controller it defined. (If none was defined we stop looking.) If we don't find it, we look for a .rb file under RAILS_ROOT to load. If we find it, and it loads a constant we keep looking. Otherwise we check to see if a directory of the same name exists, and if it does we create a module for it. * Refinement to avoid exceptions in traverse_to_controller. * (Hackish) Fix loading of arbitrary files in Ruby's load path * by traverse_to_controller. [Nicholas Seckar] ------------------------------------------------------------------- Wed Jun 21 01:06:03 CEST 2006 - mrueckert@suse.de - use rubygems_with_buildroot_patch instead of the versioned buildrequires ------------------------------------------------------------------- Mon Jun 19 18:37:41 CEST 2006 - mrueckert@suse.de - Initial package version 1.12.1