@@ -1,3 +1,9 @@ +*1.2.6* (November 24th, 2007) + +* Fix :cookie_only to correctly avoid session fixation attacks (CVE-2007-6077) + +* Fix regression where the association would not construct new finder SQL on save causing bogus queries for "WHERE owner_id = NULL" even after owner was saved. + *1.2.5* (October 12th, 2007) * Correct RAILS_GEM_VERSION regexp. Use =version gem requirement instead of ~>version so you don't get surprised by a beta gem in production. This change means upgrading to 1.2.5 will require a boot.rb upgrade. [Jeremy Kemper] railties/CHANGELOG d421bb96f7620a52ede74407f0e36af1a03016a0 Michael Koziarski michael@koziarski.com http://github.com/rails/rails/commit/9c190098e0f80cf2638223142f335ffb25212b86 9c190098e0f80cf2638223142f335ffb25212b86 2007-11-23T16:04:37-08:00 2007-11-23T16:04:37-08:00 Forgot railties changelog git-svn-id: http://svn-commit.rubyonrails.org/rails/branches/1-2-stable@8196 5ecf4fe2-1ee6-0310-87b1-e25e094e27de 7caa3ea26ba9e9edc8e37e95c967fb3c35303753 Michael Koziarski michael@koziarski.com