Permalink
Commits on Aug 9, 2012
  1. Bump to 3.1.8

    spastorino committed Aug 9, 2012
  2. Add CHANGELOG entries

    spastorino committed Aug 9, 2012
  3. Do not mark strip_tags result as html_safe

    Thanks to Marek Labos & Nethemba
    
    CVE-2012-3465
    spastorino committed Aug 8, 2012
  4. escape select_tag :prompt values

    CVE-2012-3463
    spastorino committed Aug 8, 2012
Commits on Aug 7, 2012
Commits on Jul 26, 2012
  1. bumping to 3.1.7

    tenderlove committed Jul 26, 2012
  2. updating rails release date

    tenderlove committed Jul 26, 2012
  3. updating changelog with CVE

    tenderlove committed Jul 26, 2012
Commits on Jul 23, 2012
  1. updating changelog

    tenderlove committed Jul 23, 2012
Commits on Jun 14, 2012
  1. adding a test for #6459

    tenderlove committed Jun 14, 2012
  2. removes item in the Active Record CHANGELOG

    That change to update_attribute was considered
    to be too subtle and was reverted in 30ea923
    just before Rails 3 shipped. Later we introduced
    update_column (Rails 3.1).
    fxn committed Jun 14, 2012
Commits on Jun 12, 2012
  1. updating changelogs

    tenderlove committed Jun 12, 2012
Commits on Jun 11, 2012
  1. bumping version numbers

    tenderlove committed Jun 11, 2012
  2. Merge branch '3-1-stable-sec' into 3-1-stable-rel

    * 3-1-stable-sec:
      Array parameters should not contain nil values.
      Additional fix for CVE-2012-2661
    tenderlove committed Jun 11, 2012
  3. Change the string to use in test case.

    Conflicts:
    
    	activerecord/test/cases/adapters/mysql/mysql_adapter_test.rb
    	activerecord/test/cases/adapters/mysql2/schema_test.rb
    kennyj committed with tenderlove Mar 6, 2012
  4. Fix GH #3163. Should quote database on mysql/mysql2.

    Conflicts:
    
    	activerecord/test/cases/adapters/mysql/mysql_adapter_test.rb
    
    Conflicts:
    
    	activerecord/lib/active_record/connection_adapters/abstract_mysql_adapter.rb
    	activerecord/test/cases/adapters/mysql/mysql_adapter_test.rb
    kennyj committed with tenderlove Mar 3, 2012
Commits on Jun 8, 2012
  1. Additional fix for CVE-2012-2661

    While the patched PredicateBuilder in 3.1.5 prevents a user
    from specifying a table name using the `table.column` format,
    it doesn't protect against the nesting of hashes changing the
    table context in the next call to build_from_hash. This fix
    covers this case as well.
    ernie committed with tenderlove Jun 8, 2012
Commits on May 31, 2012
  1. Merge branch '3-1-rel' into 3-1-stable

    * 3-1-rel:
      bumping to 3.1.5
      updating the CHANGELOG
      bumping to 3.1.5.rc1
    tenderlove committed May 31, 2012
  2. Merge branch '3-1-stable-sec' into 3-1-stable

    * 3-1-stable-sec:
      Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this!
      predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
    tenderlove committed May 31, 2012
  3. bumping to 3.1.5

    tenderlove committed May 31, 2012
  4. updating the CHANGELOG

    tenderlove committed May 31, 2012
  5. Merge branch '3-1-stable-sec' into 3-1-rel

    * 3-1-stable-sec:
      Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this!
      predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
    tenderlove committed May 31, 2012
Commits on May 30, 2012
  1. Strip [nil] from parameters hash.

    Thanks to Ben Murphy for reporting this!
    
    CVE-2012-2660
    tenderlove committed May 30, 2012
  2. predicate builder should not recurse for determining where columns.

    Thanks to Ben Murphy for reporting this
    
    CVE-2012-2661
    tenderlove committed May 30, 2012
Commits on May 29, 2012
  1. Merge pull request #6532 from freerange/3-1-stable-minitest-passthrou…

    …gh-exceptions
    
    Exceptions like Interrupt should not be rescued in tests.
    rafaelfranca committed May 29, 2012
  2. Exceptions like Interrupt should not be rescued in tests.

    This is a back-port of rails/rails#6525. See the commit notes there for
    details.
    floehopper committed May 29, 2012
Commits on May 28, 2012
  1. bumping to 3.1.5.rc1

    tenderlove committed May 28, 2012
Commits on May 13, 2012
  1. Merge pull request #3237 from sakuro/data-url-scheme

    Support data: url scheme
    rafaelfranca committed May 13, 2012
  2. Merge pull request #6300 from guilleiguaran/upgrade-sprockets-3-1-stable

    Upgrade sprockets to 2.0.4
    spastorino committed May 13, 2012
  3. Upgrade sprockets to 2.0.4

    guilleiguaran committed May 13, 2012