Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Branch: 2-3-stable
Commits on Jan 20, 2013
  1. @ernie @guilleiguaran

    Fix for CVE-2013-0155

    ernie authored guilleiguaran committed
Commits on Jan 17, 2013
  1. @jeremy

    Revert "bump up rack version to the one that includes the Hash DoS fix"

    jeremy authored
    Rack 1.1.3 also changes the Set-Cookie header to expects a
    newline-delimited string instead of an Array, which breaks Rails 2.3's
    expectations in a variety of ways.
    This reverts commit 27a508c.
Commits on Jan 8, 2013
  1. @tenderlove

    bumping to 2.3.15 :cry::gun:

    tenderlove authored
  2. @jeremy @tenderlove
Commits on Jan 3, 2013
  1. @tenderlove

    Merge pull request #6722 from adgear/2-3-stable

    tenderlove authored
    Backported rails 2.3 fix for CVE-2012-2695
Commits on Jan 2, 2013
Commits on Dec 23, 2012
  1. @tenderlove
Commits on Jun 13, 2012
  1. Fix SQL injection via nested hashes in conditions

    Justin Collins authored Mina Naguib committed
Commits on Mar 29, 2012
  1. @fxn

    Merge pull request #5653 from eee-c/patch-1

    fxn authored
    Doc fixes in 2.3: validates_length_of
  2. @eee-c
Commits on Dec 31, 2011
  1. @josevalim

    Merge pull request #4247 from amatsuda/hashdos_23

    josevalim authored
    bump up rack version to the one that includes the Hash DoS fix
  2. @amatsuda
Commits on Dec 29, 2011
  1. @tenderlove

    Merge pull request #4202 from dasch/request-remote-ip

    tenderlove authored
    Fix bug in `ActionController::Request#remote_ip`
Commits on Dec 27, 2011
  1. @dasch

    Make Request#remote_ip return nil when HTTP_X_FORWARDED_FOR is empty

    dasch authored
    If HTTP_X_FORWARDED_FOR only contains whitespace, don't try to extract a
    list of IP addresses from it.
Commits on Aug 16, 2011
  1. @tenderlove
  2. @tenderlove
  3. @tenderlove
  4. @tenderlove

    2.3.14. yay. :'(

    tenderlove authored
  5. @tenderlove

    bumping to 2.3.13

    tenderlove authored
  6. @tenderlove
  7. @tenderlove
Commits on Aug 4, 2011
  1. @tenderlove
Commits on Jul 27, 2011
  1. @fxn

    contrib app minor tweak

    fxn authored
Commits on Jun 17, 2011
  1. @josevalim

    Merge pull request #1740 from Antiarchitect/2-3-stable

    josevalim authored
    Fix OrderedHash merging with block given.
  2. @Antiarchitect
Commits on Jun 16, 2011
  1. @Antiarchitect
Commits on Jun 9, 2011
  1. @bcardarella @tenderlove

    Remove deprecation warning for ActiveRecord::Errors#generate_message.…

    bcardarella authored tenderlove committed
    … This is the same API that ActiveModel ended up using and that won't be changing.
Commits on Jun 7, 2011
  1. @tenderlove
Commits on May 25, 2011
  1. @zenspider

    + Switched to newer rdoc and gem package tasks (and their requires).

    zenspider authored
    + Fixed deprecated usage in gemspecs.
    Bumped the version to 2.3.12 so I could test locally with actual
    installs. If this is bad form for this project, please beat me up and
    I'll split them out.
Commits on May 12, 2011
  1. @zenspider

    Removed the bulk of the deprecations by simply not calling refresh.

    zenspider authored
    This may cause problems. I dunno.
    The real solution is to get rid of all of this mess and use gem paths properly.
  2. @zenspider

    Fixed buggy gem activation. Don't pass a dependency to gem, pass the

    zenspider authored
    name and requirement. Better, just activate the spec for the
    dependency (1.8 only)
  3. @zenspider

    Removed buggy GemDependency#requirement override. Overrides should NE…

    zenspider authored
    …VER change the semantics of the parent (returning nil if default).
  4. @zenspider
  5. @zenspider
Commits on Apr 28, 2011
  1. @josevalim

    Merged pull request #198 from robdimarco/2-3-stable.

    josevalim authored
    Patch for issue 6440 - Session Reset undefined method `destroy' for {}:Hash
Something went wrong with that request. Please try again.