Permalink
Commits on Jan 11, 2013
  1. Merge pull request #8889 from dylanahsmith/3-1-parse-non-object-json-…

    jeremy committed Jan 11, 2013
    …params
    
    3-1-stable: Fix JSON params parsing regression for non-object JSON content.
Commits on Jan 9, 2013
  1. Merge pull request #8846 from AlexRiedler/revert_5861

    rafaelfranca committed Jan 9, 2013
    Backport multi_json dependency revert of #5861 to 3-1-stable
  2. Merge pull request #5896 from sferik/revert_5861

    jeremy committed with Alex Riedler Apr 21, 2012
    Revert #5861. Feature-detect which MultiJson API to use.
    Conflicts:
    	activesupport/activesupport.gemspec
    
    This backports multi_json version depedency changes as applied.
    
    Rationale: #5861
    
    Patch by sferik
  3. Merge pull request #8835 from sikachu/3-1-stable-fix-ars

    carlosantoniodasilva committed Jan 9, 2013
    Remove test for XML YAML parsing
  4. Remove test for XML YAML parsing

    sikachu committed Jan 9, 2013
    The support for YAML parsing in XML has been removed from Active Support
    since it introduced an security risk. See 8133a81 for more detail.
Commits on Jan 8, 2013
  1. bumping version

    tenderlove committed Jan 8, 2013
  2. * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] …

    tenderlove committed Jan 4, 2013
    …* dealing with empty hashes. Thanks Damien Mathieu
    
    Conflicts:
    	actionpack/CHANGELOG.md
    	activerecord/CHANGELOG.md
  3. Avoid Rack security warning no secret provided

    spastorino committed Jan 8, 2013
    This avoids "SECURITY WARNING: No secret option provided to Rack::Session::Cookie."
Commits on Dec 23, 2012
  1. bumping version to 3.1.9

    tenderlove committed Dec 23, 2012
  2. updating changelogs

    tenderlove committed Dec 23, 2012
Commits on Dec 15, 2012
  1. Be a bit less conservative with mysql in adapter

    carlosantoniodasilva committed Nov 19, 2012
    This will allow the new mysql 2.9.0 to be used, fixing our test issues.
  2. Update xml serialization tests to reflect a change in builder

    carlosantoniodasilva committed Sep 7, 2012
    Due to a change in builder, nil values now generates closed tags,
    so instead of this:
    
        <pseudonyms nil=\"true\"></pseudonyms>
    
    It generates this:
    
        <pseudonyms nil=\"true\"/>
    
    Document this change in Rails so that people can track it down easily if
    necessary.
    
    Changes in Active Model, Active Record and Active Support tests.
    
    Cherry-pick of d65adc7, 77dd3be and 146eaf3. Fix build.
Commits on Dec 14, 2012
  1. test for 8018

    tenderlove committed Dec 14, 2012
Commits on Oct 18, 2012
  1. Require ActionController::Railtie in the default middleware stack.

    rafaelfranca committed Oct 18, 2012
    This will make possible to do a frameworkless initialization since the
    the default middleware stack is self contained.
Commits on Aug 28, 2012
  1. Ensure association preloading properly merges default scope and assoc…

    lifo committed Aug 28, 2012
    …iation conditions
  2. CHANGELOGs are now per branch

    fxn committed Aug 28, 2012
    Check 810a50d for the rationale.
Commits on Aug 17, 2012
  1. Increase benchmark time to 20 seconds.

    jonleighton committed Aug 17, 2012
    I think that 5 seconds was a bit low for our purposes.
    
    Also enable it to be configured via env vars.
    
    We also need to scale the number of records up/down depending on how
    long we're running the benchmark for.
    
    Conflicts:
    	activerecord/examples/performance.rb
  2. Use benchmark/ips to measure AR performance

    jonleighton committed Aug 17, 2012
    This means we can more easily compare numbers, and we don't have to
    specify a single N for all reports, which previously meant that some
    tests were running many more/fewer iterations than necessary.
    
    Conflicts:
    	Gemfile
    	activerecord/examples/performance.rb
Commits on Aug 15, 2012
  1. Add html_escape note to CHANGELOG

    carlosantoniodasilva committed Aug 15, 2012
    This was added to all other branches, but 3-1 missed the entry.
    
    3-0-stable: 954e262
    3-2-stable: ae2383d
    master: 5c07be5
Commits on Aug 9, 2012
  1. Bump to 3.1.8

    spastorino committed Aug 9, 2012
  2. Add CHANGELOG entries

    spastorino committed Aug 9, 2012
  3. Do not mark strip_tags result as html_safe

    spastorino committed Aug 8, 2012
    Thanks to Marek Labos & Nethemba
    
    CVE-2012-3465
  4. escape select_tag :prompt values

    spastorino committed Aug 8, 2012
    CVE-2012-3463
Commits on Aug 7, 2012
Commits on Jul 26, 2012
  1. bumping to 3.1.7

    tenderlove committed Jul 26, 2012
  2. updating rails release date

    tenderlove committed Jul 26, 2012
  3. updating changelog with CVE

    tenderlove committed Jul 26, 2012