Skip to content
Commits on Feb 29, 2016
  1. @rafaelfranca
Commits on Jan 25, 2016
  1. @tenderlove

    bumping version

    tenderlove committed Jan 25, 2016
Commits on Jan 22, 2016
  1. @tenderlove

    use secure string comparisons for basic auth username / password

    tenderlove committed Oct 29, 2015
    this will avoid timing attacks against applications that use basic auth.
    
    Conflicts:
    	activesupport/lib/active_support/security_utils.rb
    
    Conflicts:
    	actionpack/lib/action_controller/metal/http_authentication.rb
    
    CVE-2015-7576
Commits on Jun 16, 2015
  1. @rafaelfranca
  2. @tenderlove @rafaelfranca

    enforce a depth limit on XML documents

    tenderlove committed with rafaelfranca Jun 9, 2015
    XML documents that are too deep can cause an stack overflow, which in
    turn will cause a potential DoS attack.
    
    CVE-2015-3227
    
    Conflicts:
    	activesupport/lib/active_support/xml_mini.rb
Commits on Jan 29, 2015
  1. @jgeiger

    Fix ruby 2.2 comparable warnings

    jgeiger committed Jan 29, 2015
    Check for correct value type in activerecord/fixtures.rb
    Check that zone can respond to expected values to make the comparison.
Commits on Jan 7, 2015
  1. @rafaelfranca

    Remove hard dependency on test-unit

    rafaelfranca committed Jan 7, 2015
    Instead show a error message asking users to add the gem to their
    Gemfile if test-unit could not be loaded.
Commits on Jan 3, 2015
  1. @tmm1
  2. @tmm1
  3. @vipulnsward @tmm1

    Fix `singleton_class?`

    vipulnsward committed with tmm1 Oct 14, 2013
    Due to changes from http://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/39628 current `singleton_class?` implementation fails.
    Changed based on reference from http://bugs.ruby-lang.org/issues/7609
    
    Conflicts:
    	activesupport/lib/active_support/core_ext/class/attribute.rb
  4. @tmm1

    fix yaml compat on ruby 2.2

    tmm1 committed Jan 2, 2015
  5. @tmm1

    try using newer test-unit gem

    tmm1 committed Jan 2, 2015
Commits on Jan 2, 2015
  1. @hsbt @tmm1
Commits on Dec 23, 2014
  1. @tenderlove @tmm1
  2. @tmm1
Commits on Nov 16, 2014
  1. @tenderlove

    bumping version for relesase

    tenderlove committed Nov 16, 2014
Commits on Oct 29, 2014
  1. @tenderlove

    bumping version to 3.2.20

    tenderlove committed Oct 29, 2014
Commits on Jul 2, 2014
  1. @rafaelfranca
Commits on Jun 26, 2014
  1. @rafaelfranca

    Make sure Active Support configurations are applied correctly

    rafaelfranca committed Jun 26, 2014
    Before this patch configuration set using config.active_support
    would not be set.
    
    Closes #15364
Commits on Jun 18, 2014
  1. @guilleiguaran

    Revert "Merge pull request #15794 from vishalzambre/patch-1"

    guilleiguaran committed Jun 18, 2014
    This reverts commit 6d800a9, reversing
    changes made to 6a05129.
    
    We don't apply non-security fixes to 3-2-stable branch!!!
  2. @vishalzambre

    File.exists? is a deprecated name, use File.exist?

    vishalzambre committed Jun 18, 2014
    File.exists? is a deprecated name, use File.exist?
Commits on May 6, 2014
  1. @rafaelfranca
Commits on Feb 18, 2014
  1. @rafaelfranca
Commits on Dec 3, 2013
  1. @tenderlove

    updating the changelog

    tenderlove committed Dec 2, 2013
Commits on Oct 16, 2013
  1. @tenderlove

    updating changelogs

    tenderlove committed Oct 16, 2013
Commits on Oct 15, 2013
  1. @tenderlove

    bumping to 3.2.15

    tenderlove committed Oct 15, 2013
  2. @tenderlove

    Merge branch '3-2-15' into 3-2-sec

    tenderlove committed Oct 15, 2013
    * 3-2-15:
      bumping to rc3
      Revert "Merge pull request #12413 from arthurnn/inverse_of_on_build"
      Revert "Merge pull request #12443 from arthurnn/add_inverse_of_add_target"
      bumping to rc2
      Merge pull request #12443 from arthurnn/add_inverse_of_add_target
      bumping version to 3.2.15.rc1
      Fix STI scopes using benolee's suggestion. Fixes #11939
Commits on Oct 11, 2013
  1. @tenderlove

    bumping to rc3

    tenderlove committed Oct 11, 2013
Commits on Oct 4, 2013
  1. @tenderlove

    bumping to rc2

    tenderlove committed Oct 4, 2013
Commits on Oct 3, 2013
  1. @tenderlove
Commits on Sep 30, 2013
  1. @NZKoz @tenderlove

    Remove the use of String#% when formatting durations in log messages

    NZKoz committed with tenderlove Sep 23, 2013
    This avoids potential format string vulnerabilities where user-provided
    data is interpolated into the log message before String#% is called.
Commits on Sep 28, 2013
  1. @rafaelfranca

    Use Ruby 1.8 hash syntax

    rafaelfranca committed Sep 28, 2013
Commits on Sep 12, 2013
  1. @rafaelfranca

    Merge pull request #12196 from h-lame/fix-activesupport-cache-filesto…

    rafaelfranca committed Sep 12, 2013
    …re-cleanup
    
    Fix FileStore#cleanup to no longer rely on missing each_key method
    Conflicts:
    	activesupport/CHANGELOG.md
    	activesupport/test/caching_test.rb
Commits on Aug 18, 2013
  1. @guilleiguaran

    Fix 1.8.7 incompatible respond_to_missing

    Eugene Kalenkovich committed with guilleiguaran Aug 18, 2013
Commits on Jul 31, 2013
  1. @rafaelfranca
Something went wrong with that request. Please try again.