Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

adding security notifications to CHANGELOGs

  • Loading branch information...
commit 44aca7b29502995b3e2ed94f7288646f134ff612 1 parent 7182748
@tenderlove tenderlove authored
Showing with 6 additions and 0 deletions.
  1. +3 −0  actionpack/CHANGELOG.md
  2. +3 −0  activerecord/CHANGELOG.md
View
3  actionpack/CHANGELOG.md
@@ -21,6 +21,9 @@
* Fix the redirect when it receive blocks with arity of 1. Closes #5677
+* Strip [nil] from parameters hash. Thanks to Ben Murphy for
+ reporting this! CVE-2012-2660
+
## Rails 3.2.3 (March 30, 2012) ##
* Allow to lazy load `default_form_builder` by passing a `String` instead of a constant. *Piotr Sarnacki*
View
3  activerecord/CHANGELOG.md
@@ -13,6 +13,9 @@
* Fix #5667. Preloading should ignore scoping.
+* Predicate builder should not recurse for determining where columns.
+ Thanks to Ben Murphy for reporting this! CVE-2012-2661
+
## Rails 3.2.3 (March 30, 2012) ##
* Added find_or_create_by_{attribute}! dynamic method. *Andrew White*
Please sign in to comment.
Something went wrong with that request. Please try again.