Before, we were calling to_sym in the mime type even when it is unknown, which can cause denial of service since symbols are not removed by the garbage collector. Fixes: CVE-2014-0082
Backport Rails 3.2.16 Security Fixes to Rails 3.1.x
The previous implementation of this functionality could be accidentally subverted by instantiating a raw Rack::Request before the first Rails::Request was constructed. Fixes CVE-2013-6417 Conflicts: actionpack/lib/action_dispatch/http/request.rb
i18n doesn't depend on active support which means it can't use our html_safe code to do its escaping when generating the spans. Rather than try to sanitize the output from i18n, just revert to our old behaviour of rescuing the error and constructing the tag ourselves. Fixes: CVE-2013-4491 Conflicts: actionpack/lib/action_view/helpers/translation_helper.rb Backport: 50afd8e
Fixes CVE-2013-6415 Previously the values were trusted blindly, allowing for potential XSS attacks.
CVE-2013-6414 Conflicts: actionpack/lib/action_view/lookup_context.rb
Update gemspec to get mail 2.4 as the main version, 2.3.3 has security i...
…meric" This reverts commit 921a296.
Fixed a typo ;)
Also add note about attr_protected change.
protection Fixes: CVE-2013-0276
[3.1] Fix test failure for ruby 1.8
[3.1] active_record: Quote numeric values compared to string columns.
Conflicts: Gemfile railties/test/application/route_inspect_test.rb railties/test/generators_test.rb
Fix 3-1-stable to work with Mocha >= v0.13.0
A) Update code in ActiveSupport which monkey-patches Test::Unit to include Mocha bug fix. A bug was fixed in Mocha's integration with Test::Unit, but this monkey-patching code was copied before the fix. We need to copy the fixed version. The bug meant that an unexpected invocation against a mock within the teardown method caused a test *error* and not a test *failure*. B) Fix for Test::Unit/Mocha compatibility. Mocha is now using a single AssertionCounter which needs a reference to the testcase as opposed to the result. This change is an unfortunate consequence of the copying of a chunk of Mocha's internal code in order to monkey-patch Test::Unit. C) Avoid a Mocha deprecation warning. freerange/mocha@f1ff647#diff-5