Commits

Author Commit Message Labels Comments Date
tenderlove
bumping to 3.0.16
Tags
v3.0.16
tenderlove
updating release date
tenderlove
updating changelog with CVE
tenderlove
* Do not convert digest auth strings to symbols. CVE-2012-3424
tenderlove
updating changelogs
tenderlove
3.0.15
Tags
v3.0.15
tenderlove
we haven't monkey patched the Result class, so use each
tenderlove
updating changelogs
Tags
v3.0.14
tenderlove
bumping to 3.0.14
tenderlove
updating changelogs with security fixes
tenderlove
bumping versions in the CHANGELOG
tenderlove
Merge branch '3-0-stable-sec' into 3-0-stable-rel * 3-0-stable-sec: Array parameters should not contain nil values. Additional fix for CVE-2012-2661
kennyj
Fix GH #3163. Should quote database on mysql/mysql2. Conflicts: activerecord/test/cases/adapters/mysql/mysql_adapter_test.rb Conflicts: activerecord/lib/active_record/connection_adapters/abstract_mysql_adapter.rb activerecord/test/cases/adapters/mysql/mysql_adapter_test.rb Conflicts: activerecord/lib/active_record/connection_adapters/mysql2_adapter.rb activerecord/lib/active_record/connection_adapters/mysql_adapter.rb activerecord/test/ca…
tenderlove
Array parameters should not contain nil values.
Ernie Miller
Additional fix for CVE-2012-2661 While the patched PredicateBuilder in 3.0.13 prevents a user from specifying a table name using the `table.column` format, it doesn't protect against the nesting of hashes changing the table context in the next call to build_from_hash. This fix covers this case as well.
tenderlove
Merge branch '3-0-rel' into 3-0-stable * 3-0-rel: bumping to 3.0.13 updating CHANGELOGs bumping to 3.0.13.rc1
tenderlove
Merge branch '3-0-stable-sec' into 3-0-stable * 3-0-stable-sec: Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this! predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
tenderlove
bumping to 3.0.13
Tags
v3.0.13
tenderlove
updating CHANGELOGs
tenderlove
Merge branch '3-0-stable-sec' into 3-0-rel * 3-0-stable-sec: Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this! predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
tenderlove
Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this! CVE-2012-2660 Conflicts: actionpack/lib/action_dispatch/http/request.rb
tenderlove
predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this CVE-2012-2661
tenderlove
bumping to 3.0.13.rc1
Tags
v3.0.13.rc1
Rafael Mendonça França
Remove test for not accepted protocols to auto_link
Rafael Mendonça França
Merge pull request #6495 from homakov/3-0-stable auto_link shouldn't always sanitize
egor homakov
do not force sanitize and whitelist protocols for auto_link sanitize is not always required so we cannot make it. let's just whitelist protocols
tenderlove
Merge pull request #6485 from homakov/3-0-stable auto_link sanitize output
egor homakov
auto_link final sanitize
Andrew White
Lock mocha gem to fix the build New versions of mocha don't allow nil.stubs
Yehuda Katz
Merge pull request #5044 from dracco/3-0-stable Backport Bugfix: Stack Overflow (3-0-stable)