Skip to content
This repository
tag: v3.1.11

Feb 11, 2013

  1. Aaron Patterson

    bumping to 3.1.11

    authored February 10, 2013

Feb 10, 2013

  1. joernchen of Phenoelit

    Fix issue with attr_protected where malformed input could circumvent

    protection
    
    Fixes: CVE-2013-0276
    authored February 09, 2013 tenderlove committed February 09, 2013

Feb 08, 2013

  1. Guillermo Iguaran

    Merge pull request #9226 from robertomiranda/fix-bigdecimal-test

    [3.1] Fix test failure for ruby 1.8
    authored February 08, 2013
  2. Roberto Miranda

    Fix test failure for ruby 1.8

    authored February 08, 2013
  3. Guillermo Iguaran

    Merge pull request #9209 from dylanahsmith/3-1-mysql-quote-numeric

    [3.1] active_record: Quote numeric values compared to string columns.
    authored February 07, 2013

Feb 07, 2013

  1. Dylan Thacker-Smith

    active_record: Quote numeric values compared to string columns.

    authored February 06, 2013

Jan 26, 2013

  1. Toshinori Kajihara

    Fix build. It seems that the Mocha's behavior were changed.

    authored April 25, 2012 carlosantoniodasilva committed January 26, 2013
  2. Damien Mathieu

    remove the warning when testing whiny_nil

    authored May 30, 2011 carlosantoniodasilva committed January 26, 2013

Jan 16, 2013

  1. Carlos Antonio da Silva

    Update mocha version to 0.13.0 and change requires

    Conflicts:
    	Gemfile
    	railties/test/application/route_inspect_test.rb
    	railties/test/generators_test.rb
  2. Rafael Mendonça França

    Merge pull request #8871 from freerange/3-1-stable-with-mocha-fixes

    Fix 3-1-stable to work with Mocha >= v0.13.0
    authored January 16, 2013
  3. James Mead

    Fix 3-1-stable to work with Mocha >= v0.13.0

    A) Update code in ActiveSupport which monkey-patches Test::Unit to
    include Mocha bug fix.
    
    A bug was fixed [1] in Mocha's integration with Test::Unit, but this
    monkey-patching code was copied before the fix. We need to copy the
    fixed version.
    
    The bug meant that an unexpected invocation against a mock within the
    teardown method caused a test *error* and not a test *failure*.
    
    B) Fix for Test::Unit/Mocha compatibility.
    
    Mocha is now using a single AssertionCounter which needs a reference to
    the testcase as opposed to the result.
    
    This change is an unfortunate consequence of the copying of a chunk of
    Mocha's internal code in order to monkey-patch Test::Unit.
    
    C) Avoid a Mocha deprecation warning.
    
    [1]
    freerange/mocha@f1ff647#diff-5
    authored August 26, 2012

Jan 12, 2013

  1. Andrew White

    Remove unnecessary caching of ParameterFilter

    authored January 12, 2013

Jan 11, 2013

  1. Jeremy Kemper

    Merge pull request #8889 from dylanahsmith/3-1-parse-non-object-json-…

    …params
    
    3-1-stable: Fix JSON params parsing regression for non-object JSON content.
    authored January 10, 2013
  2. Dylan Thacker-Smith

    Fix JSON params parsing regression for non-object JSON content.

    Backports #8855.
    authored January 09, 2013

Jan 09, 2013

  1. Carlos Antonio da Silva

    Update changelogs with release dates and minor improvements [ci skip]

  2. Rafael Mendonça França

    Merge pull request #8846 from AlexRiedler/revert_5861

    Backport multi_json dependency revert of #5861 to 3-1-stable
    authored January 09, 2013
  3. Jeremy Kemper

    Merge pull request #5896 from sferik/revert_5861

    Revert #5861. Feature-detect which MultiJson API to use.
    Conflicts:
    	activesupport/activesupport.gemspec
    
    This backports multi_json version depedency changes as applied.
    
    Rationale: #5861
    
    Patch by sferik
    authored April 21, 2012 Alex Riedler committed January 09, 2013
  4. Carlos Antonio da Silva

    Merge pull request #8835 from sikachu/3-1-stable-fix-ars

    Remove test for XML YAML parsing
  5. Prem Sichanugrist

    Remove test for XML YAML parsing

    The support for YAML parsing in XML has been removed from Active Support
    since it introduced an security risk. See 8133a81 for more detail.
    authored January 08, 2013
  6. Carlos Antonio da Silva

    Fix a few warnings of unused variables

Jan 08, 2013

  1. Aaron Patterson

    bumping version

    authored January 07, 2013
  2. Jeremy Kemper

    CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml.

    authored January 05, 2013 tenderlove committed January 08, 2013
  3. Aaron Patterson

    * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] …

    …* dealing with empty hashes. Thanks Damien Mathieu
    
    Conflicts:
    	actionpack/CHANGELOG.md
    	activerecord/CHANGELOG.md
    authored January 04, 2013
  4. Santiago Pastorino

    Avoid Rack security warning no secret provided

    This avoids "SECURITY WARNING: No secret option provided to Rack::Session::Cookie."
    authored January 08, 2013

Dec 23, 2012

  1. Aaron Patterson

    bumping version to 3.1.9

    authored December 23, 2012
  2. Aaron Patterson

    CVE-2012-5664 options hashes should only be extracted if there are ex…

    …tra parameters
    authored December 23, 2012
  3. Aaron Patterson

    updating changelogs

    authored December 22, 2012

Dec 15, 2012

  1. Carlos Antonio da Silva

    Be a bit less conservative with mysql in adapter

    This will allow the new mysql 2.9.0 to be used, fixing our test issues.
  2. Carlos Antonio da Silva

    Update xml serialization tests to reflect a change in builder

    Due to a change in builder, nil values now generates closed tags,
    so instead of this:
    
        <pseudonyms nil=\"true\"></pseudonyms>
    
    It generates this:
    
        <pseudonyms nil=\"true\"/>
    
    Document this change in Rails so that people can track it down easily if
    necessary.
    
    Changes in Active Model, Active Record and Active Support tests.
    
    Cherry-pick of d65adc7, 77dd3be and 146eaf3. Fix build.
  3. Aaron Patterson

    do not install ruby-prof on Ruby 2.0

    authored December 14, 2012

Dec 14, 2012

  1. Aaron Patterson

    test for 8018

    authored December 14, 2012

Oct 18, 2012

  1. Rafael Mendonça França

    Require ActionController::Railtie in the default middleware stack.

    This will make possible to do a frameworkless initialization since the
    the default middleware stack is self contained.
    authored October 18, 2012

Aug 28, 2012

  1. Pratik

    Ensure association preloading properly merges default scope and assoc…

    …iation conditions
    authored August 28, 2012
  2. Xavier Noria

    CHANGELOGs are now per branch

    Check 810a50d for the rationale.
    authored August 28, 2012

Aug 17, 2012

  1. Jon Leighton

    Increase benchmark time to 20 seconds.

    I think that 5 seconds was a bit low for our purposes.
    
    Also enable it to be configured via env vars.
    
    We also need to scale the number of records up/down depending on how
    long we're running the benchmark for.
    
    Conflicts:
    	activerecord/examples/performance.rb
    authored August 17, 2012
Something went wrong with that request. Please try again.