Commits on Nov 16, 2014
  1. correctly escape backslashes in request path globs

    tenderlove committed Nov 5, 2014
    Conflicts:
    	actionpack/lib/action_dispatch/middleware/static.rb
    
    make sure that unreadable files are also not leaked
    
    CVE-2014-7829
    
    Conflicts:
    	actionpack/lib/action_dispatch/middleware/static.rb
Commits on Oct 10, 2014
  1. FileHandler should not be called for files outside the root

    tenderlove committed Oct 10, 2014
    FileHandler#matches? should return false for files that are outside the
    "root" path.
    
    Conflicts:
    	actionpack/lib/action_dispatch/middleware/static.rb
    
    Conflicts:
    	actionpack/lib/action_dispatch/middleware/static.rb
    	actionpack/test/dispatch/static_test.rb
Commits on Feb 18, 2014
  1. Use the reference for the mime type to get the format

    rafaelfranca committed Feb 12, 2014
    Before we were calling to_sym in the mime type, even when it is unknown,
    which can cause denial of service since symbols are not removed by the
    garbage collector.
    
    Fixes: CVE-2014-0082
Commits on Dec 4, 2013
  1. Merge pull request #13151 from hone/3-1-stable

    tenderlove committed Dec 4, 2013
    Backport Rails 3.2.16 Security Fixes to Rails 3.1.x
  2. Deep Munge the parameters for GET and POST

    NZKoz committed with hone Nov 30, 2013
    The previous implementation of this functionality could be accidentally
    subverted by instantiating a raw Rack::Request before the first Rails::Request
    was constructed.
    
    Fixes CVE-2013-6417
    
    Conflicts:
    	actionpack/lib/action_dispatch/http/request.rb
  3. Stop using i18n's built in HTML error handling.

    NZKoz committed with hone Oct 31, 2013
    i18n doesn't depend on active support which means it can't use our html_safe
    code to do its escaping when generating the spans.  Rather than try to sanitize
    the output from i18n, just revert to our old behaviour of rescuing the error
    and constructing the tag ourselves.
    
    Fixes: CVE-2013-4491
    
    Conflicts:
    	actionpack/lib/action_view/helpers/translation_helper.rb
    
    Backport: 50afd8eec9d088ad5a2d41f00a05520d5b78a6a0
  4. Escape the unit value provided to number_to_currency

    NZKoz committed with hone Nov 13, 2013
    Fixes CVE-2013-6415
    
    Previously the values were trusted blindly allowing for potential XSS attacks.
Commits on Dec 1, 2013
  1. Only use valid mime type symbols as cache keys

    tenderlove committed Dec 1, 2013
    CVE-2013-6414
    
    Conflicts:
    	actionpack/lib/action_view/lookup_context.rb
Commits on Apr 9, 2013
  1. Merge branch '3-1-later' into 3-1-stable

    tenderlove committed Apr 9, 2013
    * 3-1-later:
      adding test for CVE
Commits on Mar 18, 2013
  1. bumping to 3.1.12

    tenderlove committed Mar 18, 2013
Commits on Mar 16, 2013
  1. fix protocol checking in sanitization [CVE-2013-1857]

    tenderlove committed Mar 15, 2013
    Conflicts:
    	actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb
  2. JDOM XXE Protection [CVE-2013-1856]

    benmmurphy committed with tenderlove Feb 8, 2013
    Conflicts:
    	activesupport/test/xml_mini/jdom_engine_test.rb
Commits on Feb 28, 2013
  1. Merge pull request #9475 from queso/update-mail

    guilleiguaran committed Feb 28, 2013
    Update gemspec to get mail 2.4 as the main version, 2.3.3 has security i...
Commits on Feb 27, 2013
  1. Revert "Merge pull request #9208 from dylanahsmith/3-2-mysql-quote-nu…

    steveklabnik committed Feb 27, 2013
    …meric"
    
    This reverts commit 921a296.
Commits on Feb 16, 2013
  1. Merge pull request #9309 from joernchen/patch-2

    fxn committed Feb 16, 2013
    Update activemodel/CHANGELOG.md
  2. Update activemodel/CHANGELOG.md

    joernchen committed Feb 16, 2013
    Fixed a typo ;)
Commits on Feb 14, 2013
  1. Fix changelog typos [ci skip]

    carlosantoniodasilva committed Feb 14, 2013
    Thanks to @jmccartie.
Commits on Feb 12, 2013
  1. Update changelogs with version/release dates [ci skip]

    carlosantoniodasilva committed Feb 12, 2013
    Also add note about attr_protected change.
Commits on Feb 11, 2013
  1. bumping to 3.1.11

    tenderlove committed Feb 11, 2013
Commits on Feb 10, 2013
  1. adding test for CVE

    tenderlove committed Feb 10, 2013
  2. Fix issue with attr_protected where malformed input could circumvent

    joernchen committed with tenderlove Feb 9, 2013
    protection
    
    Fixes: CVE-2013-0276
Commits on Feb 8, 2013
  1. Merge pull request #9226 from robertomiranda/fix-bigdecimal-test

    guilleiguaran committed Feb 8, 2013
    [3.1] Fix test failure for ruby 1.8
  2. Merge pull request #9209 from dylanahsmith/3-1-mysql-quote-numeric

    guilleiguaran committed Feb 8, 2013
    [3.1] active_record: Quote numeric values compared to string columns.
Commits on Jan 16, 2013
  1. Update mocha version to 0.13.0 and change requires

    carlosantoniodasilva committed Nov 12, 2012
    Conflicts:
    	Gemfile
    	railties/test/application/route_inspect_test.rb
    	railties/test/generators_test.rb
  2. Merge pull request #8871 from freerange/3-1-stable-with-mocha-fixes

    rafaelfranca committed Jan 16, 2013
    Fix 3-1-stable to work with Mocha >= v0.13.0
  3. Fix 3-1-stable to work with Mocha >= v0.13.0

    floehopper committed Aug 26, 2012
    A) Update code in ActiveSupport which monkey-patches Test::Unit to
    include Mocha bug fix.
    
    A bug was fixed [1] in Mocha's integration with Test::Unit, but this
    monkey-patching code was copied before the fix. We need to copy the
    fixed version.
    
    The bug meant that an unexpected invocation against a mock within the
    teardown method caused a test *error* and not a test *failure*.
    
    B) Fix for Test::Unit/Mocha compatibility.
    
    Mocha is now using a single AssertionCounter which needs a reference to
    the testcase as opposed to the result.
    
    This change is an unfortunate consequence of the copying of a chunk of
    Mocha's internal code in order to monkey-patch Test::Unit.
    
    C) Avoid a Mocha deprecation warning.
    
    [1] freerange/mocha@f1ff647#diff-5