Commits on Mar 18, 2013
  1. @tenderlove

    bumping to 3.1.12

    tenderlove committed Mar 18, 2013
Commits on Mar 16, 2013
  1. @tenderlove

    fix protocol checking in sanitization [CVE-2013-1857]

    Conflicts:
    	actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb
    tenderlove committed Mar 15, 2013
  2. @benmmurphy @tenderlove

    JDOM XXE Protection [CVE-2013-1856]

    Conflicts:
    	activesupport/test/xml_mini/jdom_engine_test.rb
    benmmurphy committed with tenderlove Feb 8, 2013
  3. @charliesome @tenderlove
  4. @tenderlove
Commits on Feb 28, 2013
  1. @guilleiguaran

    Merge pull request #9475 from queso/update-mail

    Update gemspec to get mail 2.4 as the main version, 2.3.3 has security i...
    guilleiguaran committed Feb 28, 2013
Commits on Feb 27, 2013
  1. @queso
  2. @steveklabnik

    Revert "Merge pull request #9208 from dylanahsmith/3-2-mysql-quote-numeric"
    
    This reverts commit 921a296.
    steveklabnik committed Feb 27, 2013
Commits on Feb 16, 2013
  1. @fxn

    Merge pull request #9309 from joernchen/patch-2

    Update activemodel/CHANGELOG.md
    fxn committed Feb 16, 2013
  2. @joernchen

    Update activemodel/CHANGELOG.md

    Fixed a typo ;)
    joernchen committed Feb 16, 2013
Commits on Feb 14, 2013
  1. @carlosantoniodasilva

    Fix changelog typos [ci skip]

    Thanks to @jmccartie.
    carlosantoniodasilva committed Feb 14, 2013
Commits on Feb 12, 2013
  1. @carlosantoniodasilva

    Update changelogs with version/release dates [ci skip]

    Also add note about attr_protected change.
    carlosantoniodasilva committed Feb 12, 2013
Commits on Feb 11, 2013
  1. @tenderlove

    bumping to 3.1.11

    tenderlove committed Feb 11, 2013
Commits on Feb 10, 2013
  1. @joernchen @tenderlove

    Fix issue with attr_protected where malformed input could circumvent

    protection
    
    Fixes: CVE-2013-0276
    joernchen committed with tenderlove Feb 9, 2013
Commits on Feb 8, 2013
  1. @guilleiguaran

    Merge pull request #9226 from robertomiranda/fix-bigdecimal-test

    [3.1] Fix test failure for ruby 1.8
    guilleiguaran committed Feb 8, 2013
  2. @robertomiranda
  3. @guilleiguaran

    Merge pull request #9209 from dylanahsmith/3-1-mysql-quote-numeric

    [3.1] active_record: Quote numeric values compared to string columns.
    guilleiguaran committed Feb 8, 2013
Commits on Feb 7, 2013
  1. @dylanahsmith
Commits on Jan 26, 2013
  1. @kennyj @carlosantoniodasilva
  2. @dmathieu @carlosantoniodasilva
Commits on Jan 16, 2013
  1. @carlosantoniodasilva

    Update mocha version to 0.13.0 and change requires

    Conflicts:
    	Gemfile
    	railties/test/application/route_inspect_test.rb
    	railties/test/generators_test.rb
    carlosantoniodasilva committed Nov 12, 2012
  2. @rafaelfranca

    Merge pull request #8871 from freerange/3-1-stable-with-mocha-fixes

    Fix 3-1-stable to work with Mocha >= v0.13.0
    rafaelfranca committed Jan 16, 2013
  3. @floehopper

    Fix 3-1-stable to work with Mocha >= v0.13.0

    A) Update code in ActiveSupport which monkey-patches Test::Unit to
    include Mocha bug fix.
    
    A bug was fixed [1] in Mocha's integration with Test::Unit, but this
    monkey-patching code was copied before the fix. We need to copy the
    fixed version.
    
    The bug meant that an unexpected invocation against a mock within the
    teardown method caused a test *error* and not a test *failure*.
    
    B) Fix for Test::Unit/Mocha compatibility.
    
    Mocha is now using a single AssertionCounter which needs a reference to
    the testcase as opposed to the result.
    
    This change is an unfortunate consequence of the copying of a chunk of
    Mocha's internal code in order to monkey-patch Test::Unit.
    
    C) Avoid a Mocha deprecation warning.
    
    [1]
    freerange/mocha@f1ff647#diff-5
    floehopper committed Aug 26, 2012
Commits on Jan 12, 2013
  1. @pixeltrix
Commits on Jan 11, 2013
  1. @jeremy

    Merge pull request #8889 from dylanahsmith/3-1-parse-non-object-json-params
    
    3-1-stable: Fix JSON params parsing regression for non-object JSON content.
    jeremy committed Jan 11, 2013
  2. @dylanahsmith
Commits on Jan 9, 2013
  1. @carlosantoniodasilva
  2. @rafaelfranca

    Merge pull request #8846 from AlexRiedler/revert_5861

    Backport multi_json dependency revert of #5861 to 3-1-stable
    rafaelfranca committed Jan 9, 2013
  3. @jeremy

    Merge pull request #5896 from sferik/revert_5861

    Revert #5861. Feature-detect which MultiJson API to use.
    Conflicts:
    	activesupport/activesupport.gemspec
    
    This backports multi_json version dependency changes as applied.
    
    Rationale: #5861
    
    Patch by sferik
    jeremy committed with Alex Riedler Apr 21, 2012
  4. @carlosantoniodasilva

    Merge pull request #8835 from sikachu/3-1-stable-fix-ars

    Remove test for XML YAML parsing
    carlosantoniodasilva committed Jan 9, 2013
  5. @sikachu

    Remove test for XML YAML parsing

    The support for YAML parsing in XML has been removed from Active Support
    since it introduced a security risk. See 8133a81 for more detail.
    sikachu committed Jan 9, 2013
  6. @carlosantoniodasilva
Commits on Jan 8, 2013
  1. @tenderlove

    bumping version

    tenderlove committed Jan 8, 2013
  2. @jeremy @tenderlove
  3. @tenderlove

    * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu
    
    Conflicts:
    	actionpack/CHANGELOG.md
    	activerecord/CHANGELOG.md
    tenderlove committed Jan 4, 2013