- 17 Nov, 2014 1 commit
  - Committed by Aaron Patterson
    Conflicts: actionpack/lib/action_dispatch/middleware/static.rb make sure that unreadable files are also not leaked CVE-2014-7829 Conflicts: actionpack/lib/action_dispatch/middleware/static.rb
- 11 Oct, 2014 1 commit
  - Committed by Aaron Patterson
    FileHandler#matches? should return false for files that are outside the "root" path. Conflicts: actionpack/lib/action_dispatch/middleware/static.rb Conflicts: actionpack/lib/action_dispatch/middleware/static.rb actionpack/test/dispatch/static_test.rb
- 19 Feb, 2014 1 commit
  - Committed by Rafael Mendonça França
    Before we were calling to_sym in the mime type, even when it is unknown, which can cause denial of service since symbols are not removed by the garbage collector. Fixes: CVE-2014-0082
- 04 Dec, 2013 4 commits
  - Committed by Aaron Patterson
    Backport Rails 3.2.16 Security Fixes to Rails 3.1.x
  - Committed by Michael Koziarski
    The previous implementation of this functionality could be accidentally subverted by instantiating a raw Rack::Request before the first Rails::Request was constructed. Fixes CVE-2013-6417 Conflicts: actionpack/lib/action_dispatch/http/request.rb
  - Committed by Michael Koziarski
    i18n doesn't depend on active support which means it can't use our html_safe code to do its escaping when generating the spans. Rather than try to sanitize the output from i18n, just revert to our old behaviour of rescuing the error and constructing the tag ourselves. Fixes: CVE-2013-4491 Conflicts: actionpack/lib/action_view/helpers/translation_helper.rb Backport: 50afd8eec9d088ad5a2d41f00a05520d5b78a6a0
  - Committed by Michael Koziarski
    Fixes CVE-2013-6415 Previously the values were trusted blindly allowing for potential XSS attacks.
- 01 Dec, 2013 1 commit
  - Committed by Aaron Patterson
    CVE-2013-6414 Conflicts: actionpack/lib/action_view/lookup_context.rb
- 10 Apr, 2013 1 commit
  - Committed by Aaron Patterson
    * 3-1-later: adding test for CVE
- 19 Mar, 2013 2 commits
  - Committed by Prem Sichanugrist
  - Committed by Aaron Patterson
- 16 Mar, 2013 4 commits
  - Committed by Aaron Patterson
    Conflicts: actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb
  - Committed by Ben Murphy
    Conflicts: activesupport/test/xml_mini/jdom_engine_test.rb
  - Committed by Charlie Somerville
  - Committed by Aaron Patterson
- 28 Feb, 2013 3 commits
  - Committed by Guillermo Iguaran
    Update gemspec to get mail 2.4 as the main version, 2.3.3 has security i...
  - Committed by Josh Owens
  - Committed by Steve Klabnik
    This reverts commit 921a296a.
- 17 Feb, 2013 2 commits
  - Committed by Xavier Noria
    Update activemodel/CHANGELOG.md
  - Committed by joernchen of Phenoelit
    Fixed a typo ;)
- 14 Feb, 2013 1 commit
  - Committed by Carlos Antonio da Silva
    Thanks to @jmccartie.
- 12 Feb, 2013 1 commit
  - Committed by Carlos Antonio da Silva
    Also add note about attr_protected change.
- 11 Feb, 2013 1 commit
  - Committed by Aaron Patterson
- 10 Feb, 2013 2 commits
  - Committed by Aaron Patterson
  - Committed by joernchen of Phenoelit
    protection Fixes: CVE-2013-0276
- 09 Feb, 2013 1 commit
  - Committed by Guillermo Iguaran
    [3.1] Fix test failure for ruby 1.8
- 08 Feb, 2013 2 commits
  - Committed by robertomiranda
  - Committed by Guillermo Iguaran
    [3.1] active_record: Quote numeric values compared to string columns.
- 07 Feb, 2013 1 commit
  - Committed by Dylan Smith
- 27 Jan, 2013 2 commits
- 16 Jan, 2013 3 commits
  - Committed by Carlos Antonio da Silva
    Conflicts: Gemfile railties/test/application/route_inspect_test.rb railties/test/generators_test.rb
  - Committed by Rafael Mendonça França
    Fix 3-1-stable to work with Mocha >= v0.13.0
  - Committed by James Mead
    A) Update code in ActiveSupport which monkey-patches Test::Unit to include Mocha bug fix. A bug was fixed [1] in Mocha's integration with Test::Unit, but this monkey-patching code was copied before the fix. We need to copy the fixed version. The bug meant that an unexpected invocation against a mock within the teardown method caused a test *error* and not a test *failure*. B) Fix for Test::Unit/Mocha compatibility. Mocha is now using a single AssertionCounter which needs a reference to the testcase as opposed to the result. This change is an unfortunate consequence of the copying of a chunk of Mocha's internal code in order to monkey-patch Test::Unit. C) Avoid a Mocha deprecation warning. [1] https://github.com/freerange/mocha/commit/f1ff6475ca2871f2977ab84cabbbfe2adadbbee6#diff-5
- 12 Jan, 2013 1 commit
  - Committed by Andrew White
- 11 Jan, 2013 2 commits
  - Committed by Jeremy Kemper
    3-1-stable: Fix JSON params parsing regression for non-object JSON content.
  - Committed by Dylan Smith
    Backports #8855.
- 10 Jan, 2013 3 commits
  - Committed by Carlos Antonio da Silva
  - Committed by Rafael Mendonça França
    Backport multi_json dependency revert of #5861 to 3-1-stable
  - Committed by Jeremy Kemper
    Revert #5861. Feature-detect which MultiJson API to use. Conflicts: activesupport/activesupport.gemspec This backports multi_json version dependency changes as applied. Rationale: #5861 Patch by sferik