Commits on Feb 18, 2014
  1. @rafaelfranca

    Use the reference for the mime type to get the format

    rafaelfranca authored
    Before we were calling to_sym on the mime type, even when it is unknown,
    which can cause denial of service since symbols are not removed by the
    garbage collector.
    
    Fixes: CVE-2014-0082
Commits on Dec 1, 2013
  1. @tenderlove

    Only use valid mime type symbols as cache keys

    tenderlove authored
    CVE-2013-6414
    
    Conflicts:
    	actionpack/lib/action_view/lookup_context.rb
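The two commits above (CVE-2014-0082 and CVE-2013-6414) both come down to the same pattern: a client-supplied format or MIME string was interned with to_sym, and in the second case then used as a cache key. On Ruby releases before 2.2 a Symbol is never garbage-collected, so every distinct string an attacker sends stays in memory for the life of the process; a cache keyed by those symbols grows the same way on any Ruby. The following is an added example, not ActionPack's code, showing the vulnerable lookup beside the registry-based one. MimeRegistry, FormatCache and the registered types are constructed for the example.

```ruby
# Added example (not Rails code): interning an untrusted Content-Type string
# versus resolving it through a registry of known types.

module MimeRegistry
  # Constructed sample registry: MIME string => the symbol Rails-style code
  # would use for the format.
  REGISTERED = {
    "text/html"        => :html,
    "application/json" => :json,
    "application/xml"  => :xml,
  }.freeze

  # Vulnerable: whatever the client sends becomes a new Symbol, registered
  # or not.  Before Ruby 2.2 that Symbol is never freed.
  def self.format_vulnerable(content_type)
    content_type.to_sym
  end

  # Fixed: reuse the registry's own symbol; an unknown type yields nil
  # instead of a freshly interned Symbol.
  def self.format_safe(content_type)
    REGISTERED[content_type]
  end
end

# A render cache keyed by format, standing in for the lookup-context cache
# in the second commit.  With the vulnerable resolver it holds one entry per
# distinct string the attacker sends; with the safe resolver it can never
# hold more entries than there are registered formats.
class FormatCache
  def initialize(resolver)
    @resolver = resolver
    @store = {}
  end

  def fetch(content_type)
    key = @resolver.call(content_type)
    return nil if key.nil?                 # unknown format: nothing to cache
    @store[key] ||= "rendered for #{key}"
  end

  def size
    @store.size
  end
end

# Constructed attacker traffic: 1000 distinct, unregistered content types.
ATTACK = (1..1000).map { |i| "application/x-attack-#{i}" }.freeze

# Feed the attack traffic plus one legitimate request through a cache and
# report how many entries it ends up holding.
def cache_growth(resolver)
  cache = FormatCache.new(resolver)
  ATTACK.each { |ct| cache.fetch(ct) }
  cache.fetch("application/json")
  cache.size
end

if $PROGRAM_NAME == __FILE__
  puts "vulnerable cache entries: #{cache_growth(MimeRegistry.method(:format_vulnerable))}"
  puts "fixed cache entries:      #{cache_growth(MimeRegistry.method(:format_safe))}"
end
```

The check to carry into your own code: never call to_sym on a string that came off the wire; look the string up in a fixed table and use the table's value, so the set of symbols (and cache keys) is bounded by what you registered, not by what the client sends.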
Commits on Mar 16, 2013
  1. @tenderlove

    fix protocol checking in sanitization [CVE-2013-1857]

    tenderlove authored
    Conflicts:
    	actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb
  2. @charliesome @tenderlove
Commits on Jan 29, 2013
  1. @ndbroadbent @jsomara
Commits on Jan 28, 2013
  1. @tenderlove

    bumping to 3.0.20

    tenderlove authored
Commits on Jan 12, 2013
  1. @pixeltrix
Commits on Jan 11, 2013
  1. @dylanahsmith
Commits on Jan 8, 2013
  1. @tenderlove

    bumping version

    tenderlove authored
  2. @tenderlove

    * Strip nils from collections on JSON and XML posts. [CVE-2013-0155]

    tenderlove authored
    * dealing with empty hashes. Thanks Damien Mathieu
    
    Conflicts:
    	actionpack/CHANGELOG.md
    	activerecord/CHANGELOG.md
    
    Conflicts:
    	actionpack/CHANGELOG.md
    	activerecord/CHANGELOG.md
    	activerecord/lib/active_record/relation/predicate_builder.rb
Commits on Dec 23, 2012
  1. @tenderlove

    bumping to 3.0.18

    tenderlove authored
Commits on Aug 9, 2012
  1. @spastorino

    Bump to 3.0.17

    spastorino authored
  2. @spastorino

    Do not mark strip_tags result as html_safe

    spastorino authored
    Thanks to Marek Labos & Nethemba
    
    CVE-2012-3465
  3. @spastorino

    escape select_tag :prompt values

    spastorino authored
    CVE-2012-3463
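The two commits above (CVE-2012-3465 and CVE-2012-3463) are both output-escaping bugs: a string that still contained untrusted characters was marked html_safe (the strip_tags result) or interpolated into markup without escaping (the select_tag :prompt value). The following is an added example, not the helpers' own code: a minimal escape-on-append buffer standing in for ActiveSupport::SafeBuffer, a deliberately simplistic tag stripper, and the vulnerable and fixed forms of both helpers. SafeString, strip_tags_toy, strip_tags_vulnerable/fixed and select_prompt_vulnerable/fixed are names constructed for the example, and the nested-tag input is constructed to fool the toy stripper; it is not a claim about what the html-scanner sanitizer did or did not strip.

```ruby
# Added example (not Rails code): why a stripper's output must stay
# unsafe, and why a prompt string has to be escaped before interpolation.
require "erb"

# Escape-on-append output buffer: an appended string is HTML-escaped unless
# it is itself marked html_safe.
class SafeString
  def initialize(str = "", safe: false)
    @str = str.dup
    @safe = safe
  end

  def self.safe(str)
    new(str, safe: true)
  end

  def html_safe?
    @safe
  end

  def +(other)
    trusted = other.respond_to?(:html_safe?) && other.html_safe?
    text = trusted ? other.to_s : ERB::Util.html_escape(other.to_s)
    SafeString.new(@str + text, safe: true)
  end

  def to_s
    @str
  end
end

# Toy single-pass tag stripper (constructed for the example, not the
# html-scanner sanitizer): removes anything shaped like <tag ...> or </tag>.
def strip_tags_toy(html)
  html.gsub(%r{</?[a-zA-Z][^>]*>}, "")
end

# Before the fix: the stripped text is marked safe, so whatever survived the
# stripper is emitted verbatim.
def strip_tags_vulnerable(html)
  SafeString.safe(strip_tags_toy(html))
end

# After the fix: the stripped text is a plain String and is escaped when it
# is appended to the output buffer, whatever the stripper missed.
def strip_tags_fixed(html)
  strip_tags_toy(html)
end

# Render a user comment inside a paragraph, the way a view would.
def render_comment(stripper, untrusted)
  (SafeString.safe("<p>") + stripper.call(untrusted) + SafeString.safe("</p>")).to_s
end

# select_tag :prompt before and after the fix: the prompt is interpolated
# into <option> markup, so it must be escaped like any other text node.
def select_prompt_vulnerable(prompt)
  %(<option value="">#{prompt}</option>)
end

def select_prompt_fixed(prompt)
  %(<option value="">#{ERB::Util.html_escape(prompt)}</option>)
end

# Constructed inputs: a nested-tag trick that fools the toy stripper, and a
# prompt that closes the option element early.
EVIL_COMMENT = "<<b>img src=x onerror=alert(1)>"
EVIL_PROMPT  = "</option><script>alert(1)</script>"

if $PROGRAM_NAME == __FILE__
  puts render_comment(method(:strip_tags_vulnerable), EVIL_COMMENT)
  puts render_comment(method(:strip_tags_fixed), EVIL_COMMENT)
  puts select_prompt_vulnerable(EVIL_PROMPT)
  puts select_prompt_fixed(EVIL_PROMPT)
end
```

The design point is defence in depth: a sanitizer can be fooled, so its output should only ever be marked safe by code that has also escaped it, and anything interpolated directly into markup gets escaped at the point of interpolation.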
Commits on Jul 26, 2012
  1. @tenderlove

    bumping to 3.0.16

    tenderlove authored
  2. @tenderlove
Commits on Jun 13, 2012
  1. @tenderlove

    3.0.15

    tenderlove authored
Commits on Jun 11, 2012
  1. @tenderlove

    bumping to 3.0.14

    tenderlove authored
  2. @tenderlove
Commits on May 31, 2012
  1. @tenderlove

    bumping to 3.0.13

    tenderlove authored
  2. @tenderlove

    Merge branch '3-0-stable-sec' into 3-0-rel

    tenderlove authored
    * 3-0-stable-sec:
      Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this!
      predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
Commits on May 30, 2012
  1. @tenderlove

    Strip [nil] from parameters hash.

    tenderlove authored
    Thanks to Ben Murphy for reporting this!
    
    CVE-2012-2660
    
    Conflicts:
    
    	actionpack/lib/action_dispatch/http/request.rb
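The CVE-2012-2660 commit above, the merge entry just before it, and the CVE-2013-0155 follow-up on Jan 8, 2013 all address the same problem: a JSON or XML body can carry values a form post never can, such as an array containing only null. An application that checks params[:token] for presence and then builds a WHERE clause from it sees a non-empty array, passes the check, and hands the query builder a value that renders as IS NULL. The following is an added example, not ActionDispatch's or Active Record's code: a scrubber for the decoded parameter tree, a presence check, a toy predicate builder, and a token lookup run with and without scrubbing. scrub_params, present?, predicate_for and lookup_by_token are constructed names; treating an empty hash like an empty array is this example's own choice for the "empty hashes" case the later commit mentions, not a statement of what Rails does.

```ruby
# Added example (not Rails code): scrubbing [nil] out of decoded JSON params.
require "json"

# Recursively remove nils from arrays; an array that ends up empty becomes
# nil, and (this example's choice) so does a hash that ends up empty.
def scrub_params(value)
  case value
  when Hash
    scrubbed = value.each_with_object({}) { |(k, v), h| h[k] = scrub_params(v) }
    scrubbed.empty? ? nil : scrubbed
  when Array
    cleaned = value.map { |v| scrub_params(v) }.compact
    cleaned.empty? ? nil : cleaned
  else
    value
  end
end

# ActiveSupport-style presence check, reimplemented so the file runs without
# Rails.  Note that [nil] is "present": it is a non-empty array.
def present?(value)
  !(value.nil? || (value.respond_to?(:empty?) && value.empty?))
end

# Toy predicate builder: a nil, or an array holding only nils, turns into
# IS NULL, which is the clause the attack relies on; anything else becomes a
# parameterised IN list.
def predicate_for(column, value)
  values = Array(value).compact
  return "#{column} IS NULL" if values.empty?
  "#{column} IN (#{(["?"] * values.size).join(", ")})"
end

# Token lookup as an application might write it: reject a missing token,
# then build the WHERE clause from whatever the client sent.
def lookup_by_token(raw_json, scrub:)
  params = JSON.parse(raw_json)
  params = scrub_params(params) || {} if scrub
  token = params["token"]
  return :rejected unless present?(token)
  predicate_for("token", token)
end

# Constructed request bodies: the attack payload and a normal one.
ATTACK_BODY = '{"token":[null]}'
NORMAL_BODY = '{"token":"abc123"}'

if $PROGRAM_NAME == __FILE__
  puts "unscrubbed attack: #{lookup_by_token(ATTACK_BODY, scrub: false)}"
  puts "scrubbed attack:   #{lookup_by_token(ATTACK_BODY, scrub: true)}"
  puts "scrubbed normal:   #{lookup_by_token(NORMAL_BODY, scrub: true)}"
end
```

Scrubbing is the framework-level backstop; the application-level fix is to allowlist the parameter shape you accept (a token is a String, so reject anything else) rather than passing a decoded structure straight into a query.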
Commits on May 28, 2012
  1. @tenderlove

    bumping to 3.0.13.rc1

    tenderlove authored
Commits on May 26, 2012
  1. @homakov

    do not force sanitize and whitelist protocols for auto_link

    homakov authored
    sanitize is not always required so we cannot make it. let's just
    whitelist protocols
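This commit and the CVE-2013-1857 commit on Mar 16, 2013 ("fix protocol checking in sanitization") are both about deciding whether a link target's scheme is acceptable. The following is an added example, not auto_link's or the html-scanner sanitizer's code, showing what a scheme allowlist has to normalise before it looks at the scheme: character references, ASCII control characters and whitespace, and case. ALLOWED_SCHEMES, decode_entities, scheme_allowed? and link_if_allowed are constructed names, and the probe URLs are constructed test inputs; the bypass classes they exercise are general ones, not claims about which of them affected Rails.

```ruby
# Added example (not Rails code): a scheme allowlist for link targets.
require "erb"

ALLOWED_SCHEMES = %w[http https mailto ftp].freeze

# Turn a numeric code point into a character, tolerating the invalid values
# an attacker might send instead of letting them raise.
def codepoint(n)
  n.chr(Encoding::UTF_8)
rescue RangeError
  "\uFFFD"
end

# Undo the character references an attacker can use to hide a scheme
# (&#106;avascript:, &#x6A;avascript:, java&Tab;script:).
def decode_entities(str)
  str.gsub(/&#x([0-9a-f]+);?/i) { codepoint($1.to_i(16)) }
     .gsub(/&#(\d+);?/) { codepoint($1.to_i) }
     .gsub(/&(tab|newline|colon);/i) { { "tab" => "\t", "newline" => "\n", "colon" => ":" }[$1.downcase] }
end

def scheme_allowed?(url)
  # Decode references first, then drop control characters and whitespace,
  # which browsers ignore inside a scheme ("java\tscript:", "\njavascript:").
  normalized = decode_entities(url).gsub(/[\x00-\x20]/, "")
  return true unless normalized.include?(":")   # no scheme: relative URL
  scheme = normalized.split(":", 2).first.downcase
  # A colon after a "/", "?" or "#" is inside the path or query, not a scheme.
  return true if scheme.match?(%r{[/?#]})
  ALLOWED_SCHEMES.include?(scheme)
end

# Link only targets whose scheme is allowed; otherwise emit the text escaped
# and unlinked.  The href is escaped in either case.
def link_if_allowed(url)
  escaped = ERB::Util.html_escape(url)
  scheme_allowed?(url) ? %(<a href="#{escaped}">#{escaped}</a>) : escaped
end

# Constructed probes: legitimate targets and the usual disguises.
PROBES = [
  "http://example.com/",
  "/relative/path?x=1:2",
  "mailto:bob@example.com",
  "javascript:alert(1)",
  "JaVaScRiPt:alert(1)",
  " javascript:alert(1)",
  "java\tscript:alert(1)",
  "&#106;avascript:alert(1)",
  "&#x6A;avascript:alert(1)",
  "java&Tab;script:alert(1)",
  "data:text/html;base64,PHNjcmlwdD4=",
].freeze

if $PROGRAM_NAME == __FILE__
  PROBES.each { |u| puts "#{scheme_allowed?(u) ? 'allow' : 'block'}  #{u.inspect}" }
end
```

The caveat a reviewer would raise: this checks the scheme and nothing else, so it belongs in front of, not instead of, a real HTML sanitizer; and because the allowlist is positive, a scheme you forgot to list is blocked rather than let through, which is the failure mode you want.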
Commits on May 25, 2012
  1. @homakov

    auto_link final sanitize

    homakov authored
Commits on Mar 27, 2012
  1. @tenderlove

    Merge pull request #5613 from carlosantoniodasilva/fix-build-3-0-193

    tenderlove authored
    Fix build for branch 3-0-stable - Ruby 1.9.3
  2. @josevalim @drogus

    Avoid inspecting the whole route set, closes #1525

    josevalim authored drogus committed
  3. @tenderlove @carlosantoniodasilva
Commits on Mar 26, 2012
  1. @carlosantoniodasilva

    Fix AV::FixtureResolver and rjs tests with random order errors

    carlosantoniodasilva authored
    Due to the hash ordering changes on Ruby 1.8.7-p358.
Commits on Mar 15, 2012
  1. @tenderlove

    Merge pull request #5456 from brianmario/redirect-sanitization

    tenderlove authored
    Strip null bytes from Location header
    Conflicts:
    
    	actionpack/test/controller/redirect_test.rb
Commits on Mar 1, 2012
  1. @tenderlove

    bumping to 3.0.12

    tenderlove authored
  2. @tenderlove

    Merge branch '3-0-stable-security' into 3-0-12

    tenderlove authored
    * 3-0-stable-security:
      Ensure [] respects the status of the buffer.
      use AS::SafeBuffer#clone_empty for flushing the output_buffer
      add AS::SafeBuffer#clone_empty
      fix output safety issue with select options
Commits on Feb 22, 2012
  1. @tenderlove

    updating RAILS_VERSION

    tenderlove authored
  2. @jonleighton
Commits on Feb 21, 2012
  1. @amatsuda @tenderlove