* 3-2-15: bumping to rc3 Revert "Merge pull request #12413 from arthurnn/inverse_of_on_build" Revert "Merge pull request #12443 from arthurnn/add_inverse_of_add_target" bumping to rc2 Merge pull request #12443 from arthurnn/add_inverse_of_add_target bumping version to 3.2.15.rc1 Fix STI scopes using benolee's suggestion. Fixes #11939
This avoids potential format string vulnerabilities where user-provided data is interpolated into the log message before String#% is called.
…log abstracter wraps a TaggedLogging instance. It's also best practice when overriding method_missing.
The standard Ruby behavior for Time.at is to return the same type of time when passing an instance of Time as a single argument. Since the an ActiveSupport::TimeWithZone instance may be a different timezone than the system timezone and DateTime just understands offsets the best we can do is to return an instance of Time with the correct offset. It also maintains the correct fractional second value as well. Fixes #11350. Backports: 4842535 1b38737
…block is not provided.
Time.at allows passing a single Time argument which is then converted to an integer. The conversion code since 1.9.3r429 explicitly checks for an instance of Time so we need to override it to allow DateTime and ActiveSupport::TimeWithZone values.
* 3-2-13: bumping to 3.2.13 fix protocol checking in sanitization [CVE-2013-1857] JDOM XXE Protection [CVE-2013-1856] fix incorrect ^$ usage leading to XSS in sanitize_css [CVE-2013-1855] stop calling to_sym when building arel nodes [CVE-2013-1854] Merge pull request #9616 from exviva/multiple_select_name_double_square_brackets bumping to rc2 Revert "Merge pull request #8209 from senny/backport_8176" Freeze columns only once per Result Preparing for 3.2.13.rc1 release Update CHANGELOGs for 3.2.13 release. Conflicts: actionmailer/CHANGELOG.md actionpack/CHANGELOG.md activemodel/CHANGELOG.md activeresource/CHANGELOG.md activesupport/CHANGELOG.md railties/CHANGELOG.md