Skip to content
This repository
tag: v3.2.11

Jan 08, 2013

  1. Aaron Patterson

    bumping version

    authored January 07, 2013
  2. Jeremy Kemper

    CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml.

    authored January 05, 2013 tenderlove committed January 08, 2013
  3. Aaron Patterson

    * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] …

    …* dealing with empty hashes. Thanks Damien Mathieu
    authored January 04, 2013
  4. Santiago Pastorino

    Avoid Rack security warning no secret provided

    This avoids "SECURITY WARNING: No secret option provided to Rack::Session::Cookie."
    authored January 08, 2013 tenderlove committed January 08, 2013

Dec 23, 2012

  1. Aaron Patterson

    bumping version to 3.2.10

    authored December 23, 2012
  2. Aaron Patterson

    CVE-2012-5664 options hashes should only be extracted if there are ex…

    …tra parameters
    authored December 23, 2012
  3. Aaron Patterson

    updating changelog

    authored December 23, 2012
  4. Aaron Patterson

    updating the changelogs

    authored December 22, 2012
  5. Aaron Patterson

    updating the changelog for the CVE

    authored December 22, 2012
  6. Claudio B.

    Add release date of Rails 3.2.9 to documentation

    Conflicts:
    	actionpack/CHANGELOG.md
    	activerecord/CHANGELOG.md
    	activesupport/CHANGELOG.md
    authored November 12, 2012 tenderlove committed December 23, 2012

Nov 12, 2012

  1. Santiago Pastorino

    Bump to 3.2.9

    authored November 12, 2012

Nov 09, 2012

  1. Santiago Pastorino

    Revert "Add test case to assets eager load"

    This reverts commit 552a3e1.
    authored November 09, 2012
  2. Santiago Pastorino

    Bump up to 3.2.9.rc3

    authored November 09, 2012
  3. Rafael Mendonça França

    Merge pull request #8161 from guilleiguaran/downgrade-sprockets

    Lock sprockets to 2.2.x
    
    REASON: We had some pending fixes in sprockets and sass-rails to make possible to use sprockets version > 2.2. We will do a more conservative sprockets upgrade for this release.
    
    In a next release we can relax the dependency again.
    
    See #8099 for more information.
    authored November 09, 2012 spastorino committed November 09, 2012
  4. Santiago Pastorino

    Revert "Respect children paths filter settings"

    This reverts commit 53778ec.
    Closes #8146
    authored November 09, 2012

Nov 02, 2012

  1. Santiago Pastorino

    Clear url helpers when reloading routes

    authored November 02, 2012
  2. Rafael Mendonça França

    Add test to avoid regression of 4a86362

    authored November 02, 2012
  3. Rafael Mendonça França

    Revert "Merge pull request #7668 from Draiken/fix_issue_6497"

    This reverts commit 61d5d2d.
    
    Conflicts:
    	actionpack/CHANGELOG.md
    
    REASON: This added a backward incompatible change.
    authored November 02, 2012

Nov 01, 2012

  1. Santiago Pastorino

    Bump to 3.2.9.rc2

    authored November 01, 2012
  2. Carlos Antonio da Silva

    Ensure calling first/last with options correctly set inverse association

    Also related to #8087. Thanks @al2o3cr.
  3. Carlos Antonio da Silva

    Fix issue with collection associations and first(n)/last(n)

    When calling first(n) or last(n) in a collection, Active Record was
    improperly trying to set the inverse of instance in case that option
    existed. This change was introduced by
    fdf4eae.
    
    In such cases we don't need to do that "manually", since the way
    collection will be loaded will already handle that, so we just skip
    setting the inverse association when any argument is given to
    first(n)/last(n).
    
    The test included ensures that these scenarios will have the inverse of
    instance set properly.
    
    Fixes #8087, Closes #8094.

Oct 31, 2012

  1. Xavier Noria

    relaxes assertion

    This method returns the status of the operation,
    but as we generally do in the code base it does
    not commit to any particular exact value. Hence,
    we do not have to check for a singleton, because
    if the implementation changes and returns some
    other true value the test should pass.
    authored October 31, 2012
  2. José Valim

    Merge pull request #8083 from saks/fix_update_column_return_value

    Fix ActiveRecord#update_column return value
    authored October 31, 2012
  3. Aliaxandr Rahalevich

    Fix ActiveRecord#update_column return value

    authored October 31, 2012
  4. Rafael Mendonça França

    Revert "Merge pull request #7659 from HugoLnx/template_error_no_match…

    …es_rebased"
    
    This reverts commit 7d17cd2.
    
    Conflicts:
    	actionpack/CHANGELOG.md
    
    Reason: This added a regression since people were relying on this buggy behavior.
    This will introduce back #3849 but we will be backward compatible in
    stable release.
    
    Fixes #8068.
    authored October 31, 2012
  5. Rafael Mendonça França

    Revert "Merge pull request #7797 from senny/7459_prefix_tempalte_asse…

    …rtion_variables"
    
    This reverts commit 2bad605.
    
    Conflicts:
    	actionpack/CHANGELOG.md
    
    Reason: This added a regression related with shoulda-matchers, since it
    is expecting the instance variable @layouts
    
    See https://github.com/thoughtbot/shoulda-matchers/blob/9e1188eea68c47d9a56ce6280e45027da6187ab1/lib/shoulda/matchers/action_controller/render_with_layout_matcher.rb#L74
    
    This will introduce back #7459 but this stable release will be backward compatible.
    Related with #8068.
    authored October 30, 2012

Oct 30, 2012

  1. Rafael Mendonça França

    Add CHANGELOG entry to #8032 fix

    e6b4184 fixes that issue too.
    
    [ci skip]
    authored October 29, 2012
  2. Rafael Mendonça França

    Fix typo :bomb: [ci skip]

    authored October 29, 2012
  3. Rafael Mendonça França

    Fix bug when Column is trying to type cast boolean values to integer.

    This can occur if the user is using :integer columns to store boolean
    values. Now we are handling the boolean values but it still raises if
    the value can't type cast to integer and is not a boolean. See #7509.
    
    Fixes #8067.
    authored October 29, 2012

Oct 29, 2012

  1. Rafael Mendonça França

    Merge pull request #8009 from graceliu/3-2-fix_database_url_support

    fixed support for DATABASE_URL for rake db tasks
    authored October 29, 2012
  2. graceliu

    fixed support for DATABASE_URL for rake db tasks

    Backport for #7521
    
    - added tests to confirm establish_connection uses DATABASE_URL and
      Rails.env correctly even when no arguments are passed in.
    - updated rake db tasks to support DATABASE_URL, and added tests to
      confirm correct behavior for these rake tasks.  (Removed
      establish_connection call from some tasks since in those cases
      the :environment task already made sure the function would be called)
    - updated Resolver so that when it resolves the database url, it
      removes hash values with empty strings from the config spec (e.g.
      to support connection to postgresql when no username is specified).
    - updated ResolverTest to use current_adapter? to check the type of
      the current adapter.
    authored October 12, 2012 rafaelfranca committed October 29, 2012
  3. Santiago Pastorino

    Bump to 3.2.9.rc1

    authored October 29, 2012
  4. Santiago Pastorino

    Add 3.2.9 section in ARes CHANGELOG

    [ci skip]
    authored October 29, 2012
  5. Rafael Mendonça França

    Revert "Deprecate Paths::Path#children which is unused now"

    This reverts commit f7de647.
    
    We can't deprecate things in stable branches. I didn't not realized that
    the pull request was for 3-2-stable
    authored October 29, 2012
  6. Rafael Mendonça França

    Merge pull request #7587 from elia/fix-too-eager-loading

    Should not eager_load app/assets
    authored October 29, 2012
Something went wrong with that request. Please try again.