Permalink
Browse files

adding security notifications to CHANGELOGs

  • Loading branch information...
1 parent 7182748 commit 44aca7b29502995b3e2ed94f7288646f134ff612 @tenderlove tenderlove committed May 31, 2012
Showing with 6 additions and 0 deletions.
  1. +3 −0 actionpack/CHANGELOG.md
  2. +3 −0 activerecord/CHANGELOG.md
View
@@ -21,6 +21,9 @@
* Fix the redirect when it receive blocks with arity of 1. Closes #5677
+* Strip [nil] from parameters hash. Thanks to Ben Murphy for
+ reporting this! CVE-2012-2660
+
## Rails 3.2.3 (March 30, 2012) ##
* Allow to lazy load `default_form_builder` by passing a `String` instead of a constant. *Piotr Sarnacki*
@@ -13,6 +13,9 @@
* Fix #5667. Preloading should ignore scoping.
+* Predicate builder should not recurse for determining where columns.
+ Thanks to Ben Murphy for reporting this! CVE-2012-2661
+
## Rails 3.2.3 (March 30, 2012) ##
* Added find_or_create_by_{attribute}! dynamic method. *Andrew White*

0 comments on commit 44aca7b

Please sign in to comment.