Permalink
Switch branches/tags
Commits on Aug 9, 2012
  1. Bump to 3.1.8

    spastorino committed Aug 9, 2012
  2. Add CHANGELOG entries

    spastorino committed Aug 9, 2012
  3. Do not mark strip_tags result as html_safe

    spastorino committed Aug 8, 2012
    Thanks to Marek Labos & Nethemba
    
    CVE-2012-3465
  4. escape select_tag :prompt values

    spastorino committed Aug 8, 2012
    CVE-2012-3463
Commits on Aug 7, 2012
Commits on Jul 26, 2012
  1. bumping to 3.1.7

    tenderlove committed Jul 26, 2012
Commits on Jul 23, 2012
  1. updating changelog

    tenderlove committed Jul 23, 2012
Commits on Jun 14, 2012
  1. adding a test for #6459

    tenderlove committed Jun 14, 2012
  2. removes item in the Active Record CHANGELOG

    fxn committed Jun 14, 2012
    That change to update_attribute was considered
    to be too subtle and was reverted in 30ea923
    just before Rails 3 shipped. Later we introduced
    update_column (Rails 3.1).
Commits on Jun 12, 2012
  1. updating changelogs

    tenderlove committed Jun 12, 2012
Commits on Jun 11, 2012
  1. bumping version numbers

    tenderlove committed Jun 11, 2012
  2. Merge branch '3-1-stable-sec' into 3-1-stable-rel

    tenderlove committed Jun 11, 2012
    * 3-1-stable-sec:
      Array parameters should not contain nil values.
      Additional fix for CVE-2012-2661
  3. Change the string to use in test case.

    kennyj authored and tenderlove committed Mar 6, 2012
    Conflicts:
    
    	activerecord/test/cases/adapters/mysql/mysql_adapter_test.rb
    	activerecord/test/cases/adapters/mysql2/schema_test.rb
  4. Fix GH #3163. Should quote database on mysql/mysql2.

    kennyj authored and tenderlove committed Mar 3, 2012
    Conflicts:
    
    	activerecord/test/cases/adapters/mysql/mysql_adapter_test.rb
    
    Conflicts:
    
    	activerecord/lib/active_record/connection_adapters/abstract_mysql_adapter.rb
    	activerecord/test/cases/adapters/mysql/mysql_adapter_test.rb
Commits on Jun 8, 2012
  1. Additional fix for CVE-2012-2661

    ernie authored and tenderlove committed Jun 8, 2012
    While the patched PredicateBuilder in 3.1.5 prevents a user
    from specifying a table name using the `table.column` format,
    it doesn't protect against the nesting of hashes changing the
    table context in the next call to build_from_hash. This fix
    covers this case as well.
Commits on May 31, 2012
  1. Merge branch '3-1-rel' into 3-1-stable

    tenderlove committed May 31, 2012
    * 3-1-rel:
      bumping to 3.1.5
      updating the CHANGELOG
      bumping to 3.1.5.rc1
  2. Merge branch '3-1-stable-sec' into 3-1-stable

    tenderlove committed May 31, 2012
    * 3-1-stable-sec:
      Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this!
      predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
  3. bumping to 3.1.5

    tenderlove committed May 31, 2012
  4. updating the CHANGELOG

    tenderlove committed May 31, 2012
  5. Merge branch '3-1-stable-sec' into 3-1-rel

    tenderlove committed May 31, 2012
    * 3-1-stable-sec:
      Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this!
      predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
Commits on May 30, 2012
  1. Strip [nil] from parameters hash.

    tenderlove committed May 30, 2012
    Thanks to Ben Murphy for reporting this!
    
    CVE-2012-2660
  2. predicate builder should not recurse for determining where columns.

    tenderlove committed May 30, 2012
    Thanks to Ben Murphy for reporting this
    
    CVE-2012-2661
Commits on May 29, 2012
  1. Merge pull request #6532 from freerange/3-1-stable-minitest-passthrou…

    rafaelfranca committed May 29, 2012
    …gh-exceptions
    
    Exceptions like Interrupt should not be rescued in tests.
  2. Exceptions like Interrupt should not be rescued in tests.

    floehopper committed May 29, 2012
    This is a back-port of rails/rails#6525. See the commit notes there for
    details.
Commits on May 28, 2012
  1. bumping to 3.1.5.rc1

    tenderlove committed May 28, 2012
Commits on May 13, 2012
  1. Merge pull request #3237 from sakuro/data-url-scheme

    rafaelfranca committed May 13, 2012
    Support data: url scheme
  2. Merge pull request #6300 from guilleiguaran/upgrade-sprockets-3-1-stable

    spastorino committed May 13, 2012
    Upgrade sprockets to 2.0.4