Skip to content
Commits on Apr 22, 2013
  1. @fxn
Commits on Apr 9, 2013
  1. @tenderlove

    Merge branch '2-3-later' into 2-3-stable

    tenderlove committed
    * 2-3-later:
      adding test for CVE
Commits on Apr 4, 2013
  1. @fxn


    fxn committed
  2. @fxn

    removes the obsolete task pdoc

    fxn committed
  3. @fxn
  4. @fxn

    Revert "Revert "Revert "Switched to newer rdoc and gem package tasks …

    fxn committed
    …(and their requires)."""
    We need an old RDoc to be able to generate the API.
    This reverts commit af7da4d.
Commits on Mar 18, 2013
  1. @tenderlove

    bumping to 2.3.18

    tenderlove committed
  2. @tenderlove

    Revert "Revert "Switched to newer rdoc and gem package tasks (and the…

    tenderlove committed
    …ir requires).""
    I can't build the gems without reverting this commit.
    This reverts commit dad3109.
Commits on Mar 16, 2013
  1. @tenderlove

    fix protocol checking in sanitization [CVE-2013-1857]

    tenderlove committed
  2. @charliesome @tenderlove

    fix incorrect ^$ usage leading to XSS in sanitize_css [CVE-2013-1855]

    charliesome committed with tenderlove
  3. @tenderlove
Commits on Feb 15, 2013
  1. @fxn

    Revert "Switched to newer rdoc and gem package tasks (and their requi…

    fxn committed
    This is a manual revert of commit 79aa54d, since the commit itself touches
    in addition some version numbers.
    API generation before Rails 3 uses the Jamis template, which requires an
    old version of RDoc. To generate the API you need Rake 0.8.x or 0.9.x,
    and the RDoc distributed with 1.8.7 (version 1.0.1).
Commits on Feb 11, 2013
  1. @tenderlove

    Merge branch '2-3-sec' into 2-3-stable

    tenderlove committed
    * 2-3-sec:
      bumping to 2.3.17
      fix serialization vulnerability
      fixing attr_protected CVE-2013-0276
  2. @carlosantoniodasilva

    Revert "Merge pull request #9251 from Davidslv/patch-1"

    carlosantoniodasilva committed
    This reverts commit d6adcb4, reversing
    changes made to 2e4aa39.
    Reason: merged to unmaintained branch.
  3. @carlosantoniodasilva

    Merge pull request #9251 from Davidslv/patch-1

    carlosantoniodasilva committed
    Add alias to maintain coherence with other methods, in end_of_day
  4. @Davidslv

    Update activesupport/lib/active_support/core_ext/time/calculations.rb

    Davidslv committed
    Just maintaining the coherence with other methods, since everything has "at_" as prefix.
  5. @tenderlove

    bumping to 2.3.17

    tenderlove committed
  6. @kratob @tenderlove
Commits on Feb 10, 2013
  1. @tenderlove

    adding test for CVE

    tenderlove committed
  2. @tenderlove
Commits on Feb 6, 2013
  1. @fxn

    Merge pull request #9194 from kwstannard/2-3-stable

    fxn committed
    Docs: Fixed bad exists? documentation.
Commits on Feb 5, 2013
  1. @kwstannard

    Docs: Fixed bad exists? documentation.

    kwstannard committed
    Base#exists? does not actually take options like finder methods. Trying
    to use what the documentation suggests will return a PG error because it
    will look for a column named 'conditions'.
    I changed the documentation to reflect how the exists? method actually
Commits on Feb 2, 2013
  1. @rafaelfranca
  2. @morgancurrie @rafaelfranca

    use the decimal HTML escape code for single quotes instead of the hex…

    morgancurrie committed with rafaelfranca
    … one so webkit-based browsers properly translate the code in form fields
Commits on Jan 28, 2013
  1. @carlosantoniodasilva

    Merge pull request #9099 from pietro/2-3-gemspec-bump

    carlosantoniodasilva committed
    Bump version on 2.3 gemspecs too.
  2. @pietro

    Bump version on gemspecs too.

    pietro committed
  3. @tenderlove

    bumping version

    tenderlove committed
  4. @NZKoz @tenderlove

    Add an OkJson backend and remove the YAML backend

    NZKoz committed with tenderlove
    Fixes CVE-2013-0333.  The ActiveSupport::JSON::Backends::Yaml class is present but the functionality has been removed entirely.
Commits on Jan 24, 2013
  1. @tenderlove
  2. @tenderlove

    backporting deep_munge

    tenderlove committed
  3. @tenderlove

    Squashed commit of the following:

    tenderlove committed
    commit 9ef905f
    Author: Rafael Mendonça França <>
    Date:   Tue Aug 7 22:38:40 2012 -0300
        Fix tests about single quote escaping
    commit 780a718
    Author: Santiago Pastorino <>
    Date:   Tue Jul 31 22:25:54 2012 -0300
        html_escape should escape single quotes
        Closes #7215
  4. @spastorino @tenderlove

    Do not mark strip_tags result as html_safe

    spastorino committed with tenderlove
    Thanks to Marek Labos & Nethemba
  5. @tenderlove

    fixing load error messages

    tenderlove committed
Commits on Jan 22, 2013
  1. @steveklabnik

    Merge pull request #9030 from johndouthat/2-3-stable

    steveklabnik committed
    Add .gemspec files to 2-3-stable to help Bundler
  2. @johndouthat

    Add gemspecs for bundler

    johndouthat committed
Something went wrong with that request. Please try again.