Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Commits on Oct 16, 2013
  1. @tenderlove

    updating changelogs

    tenderlove authored
Commits on Mar 18, 2013
  1. @tenderlove

    Merge branch '3-2-13' into 3-2-stable

    tenderlove authored
    * 3-2-13:
      bumping to 3.2.13
      fix protocol checking in sanitization [CVE-2013-1857]
      JDOM XXE Protection [CVE-2013-1856]
      fix incorrect ^$ usage leading to XSS in sanitize_css [CVE-2013-1855]
      stop calling to_sym when building arel nodes [CVE-2013-1854]
      Merge pull request #9616 from exviva/multiple_select_name_double_square_brackets
      bumping to rc2
      Revert "Merge pull request #8209 from senny/backport_8176"
      Freeze columns only once per Result
      Preparing for 3.2.13.rc1 release
      Update CHANGELOGs for 3.2.13 release.
    
    Conflicts:
    	actionmailer/CHANGELOG.md
    	actionpack/CHANGELOG.md
    	activemodel/CHANGELOG.md
    	activeresource/CHANGELOG.md
    	activesupport/CHANGELOG.md
    	railties/CHANGELOG.md
Commits on Mar 5, 2013
  1. @tenderlove

    Revert "Merge pull request #8209 from senny/backport_8176"

    tenderlove authored
    This reverts commit 7240202, reversing
    changes made to e4e2bcc.
    
    Conflicts:
    	activerecord/CHANGELOG.md
    	activerecord/lib/active_record/relation/calculations.rb
    	activerecord/test/cases/calculations_test.rb
Commits on Feb 11, 2013
  1. @tenderlove

    Merge branch '3-2-sec' into 3-2-stable

    tenderlove authored
    * 3-2-sec:
      bumping version
      remove ruby-prof
      Fix issue with attr_protected where malformed input could circumvent protection
      fixing call to columns hash. run the damn tests when you backport!
      Bump rack dependency to 1.4.5
      Merge pull request #9224 from dylanahsmith/bigdecimal-takes-string
      Merge pull request #9208 from dylanahsmith/3-2-mysql-quote-numeric
    
    Conflicts:
    	Gemfile
    	activerecord/CHANGELOG.md
Commits on Jan 8, 2013
  1. @tenderlove

    Merge branch '3-2-sec' into 3-2-secmerge

    tenderlove authored
    * 3-2-sec:
      bumping version
      CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml.
      * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu
      Avoid Rack security warning no secret provided
    
    Conflicts:
    	actionpack/CHANGELOG.md
    	activerecord/CHANGELOG.md
    	activesupport/CHANGELOG.md
  2. @tenderlove

    * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] …

    tenderlove authored
    …* dealing with empty hashes. Thanks Damien Mathieu
Commits on Dec 23, 2012
  1. @tenderlove

    Merge branch '3-2-sec' into 3-2-secmerge

    tenderlove authored
    * 3-2-sec:
      CVE-2012-5664 options hashes should only be extracted if there are extra parameters
      updating changelog
      updating the changelogs
      updating the changelog for the CVE
      Add release date of Rails 3.2.9 to documentation
    
    Conflicts:
    	actionmailer/CHANGELOG.md
    	actionpack/CHANGELOG.md
    	activemodel/CHANGELOG.md
    	activerecord/CHANGELOG.md
    	activeresource/CHANGELOG.md
    	activesupport/CHANGELOG.md
    	railties/CHANGELOG.md
  2. @tenderlove

    updating changelog

    tenderlove authored
  3. @tenderlove
Commits on Nov 30, 2012
  1. @tenderlove @rafaelfranca

    Merge pull request #6397 from kennyj/fix_translate_exception

    tenderlove authored rafaelfranca committed
    Fix a problem of translate_exception method in a Japanese (non English) environment.
Commits on Oct 15, 2012
  1. @tenderlove
Commits on Sep 21, 2012
  1. @tenderlove @steveklabnik

    Merge pull request #3544 from amatsuda/_field_changed

    tenderlove authored steveklabnik committed
    Rename field_changed? to _field_changed? so that users can create a field named field
    Conflicts:
    
    	activerecord/lib/active_record/core.rb
    	activerecord/test/cases/dirty_test.rb
Commits on Jul 26, 2012
  1. @tenderlove

    Merge branch '3-2-rel' into 3-2-stable

    tenderlove authored
    * 3-2-rel:
      updating release date
      bumping to 3.2.7
      updating the changelog
      * Do not convert digest auth strings to symbols. CVE-2012-3424
      updating the version
      updating changelogs
  2. @tenderlove

    updating release date

    tenderlove authored
Commits on Jun 12, 2012
  1. @tenderlove

    updating changelogs

    tenderlove authored
Commits on Jun 11, 2012
  1. @tenderlove
Commits on May 31, 2012
  1. @tenderlove
  2. @tenderlove

    updating changelogs

    tenderlove authored
Commits on Jan 19, 2012
  1. @tenderlove

    Merge pull request #4531 from exviva/pessimistic_with_lock

    tenderlove authored
    Add ActiveRecord::Base#with_lock
Commits on Nov 29, 2011
  1. @tenderlove

    Automatic closure of connections in threads is deprecated. For example

    tenderlove authored
    the following code is deprecated:
    
    Thread.new { Post.find(1) }.join
    
    It should be changed to close the database connection at the end of
    the thread:
    
    Thread.new {
      Post.find(1)
      Post.connection.close
    }.join
    
    Only people who spawn threads in their application code need to worry
    about this change.
Something went wrong with that request. Please try again.