Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Comparing changes

Choose two branches to see what's changed or to start a new pull request. If you need to, you can also compare across forks.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also compare across forks.
base fork: rails/rails
...
head fork: rails/rails
Checking mergeability… Don't worry, you can still create the pull request.
  • 5 commits
  • 17 files changed
  • 0 commit comments
  • 1 contributor
View
2  RAILS_VERSION
@@ -1 +1 @@
-3.0.15
+3.0.16
View
4 actionmailer/CHANGELOG
@@ -1,3 +1,7 @@
+## Rails 3.0.16 (Jul 26, 2012)
+
+* No changes.
+
## Rails 3.0.14 (Jun 12, 2012)
* No changes.
View
2  actionmailer/lib/action_mailer/version.rb
@@ -2,7 +2,7 @@ module ActionMailer
module VERSION #:nodoc:
MAJOR = 3
MINOR = 0
- TINY = 15
+ TINY = 16
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
View
4 actionpack/CHANGELOG
@@ -1,3 +1,7 @@
+## Rails 3.0.16 (Jul 26, 2012)
+
+* Do not convert digest auth strings to symbols. CVE-2012-3424
+
## Rails 3.0.14 (Jun 12, 2012)
* nil is removed from array parameter values
View
4 actionpack/lib/action_controller/metal/http_authentication.rb
@@ -217,9 +217,9 @@ def decode_credentials_header(request)
end
def decode_credentials(header)
- Hash[header.to_s.gsub(/^Digest\s+/,'').split(',').map do |pair|
+ HashWithIndifferentAccess[header.to_s.gsub(/^Digest\s+/,'').split(',').map do |pair|
key, value = pair.split('=', 2)
- [key.strip.to_sym, value.to_s.gsub(/^"|"$/,'').gsub(/'/, '')]
+ [key.strip, value.to_s.gsub(/^"|"$/,'').delete('\'')]
end]
end
View
2  actionpack/lib/action_pack/version.rb
@@ -2,7 +2,7 @@ module ActionPack
module VERSION #:nodoc:
MAJOR = 3
MINOR = 0
- TINY = 15
+ TINY = 16
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
View
4 activemodel/CHANGELOG
@@ -1,3 +1,7 @@
+## Rails 3.0.16 (Jul 26, 2012)
+
+* No changes.
+
## Rails 3.0.14 (Jun 12, 2012)
* No changes.
View
2  activemodel/lib/active_model/version.rb
@@ -2,7 +2,7 @@ module ActiveModel
module VERSION #:nodoc:
MAJOR = 3
MINOR = 0
- TINY = 15
+ TINY = 16
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
View
4 activerecord/CHANGELOG
@@ -1,3 +1,7 @@
+## Rails 3.0.16 (Jul 26, 2012)
+
+* No changes.
+
## Rails 3.0.14 (Jun 12, 2012)
* protect against the nesting of hashes changing the
View
2  activerecord/lib/active_record/version.rb
@@ -2,7 +2,7 @@ module ActiveRecord
module VERSION #:nodoc:
MAJOR = 3
MINOR = 0
- TINY = 15
+ TINY = 16
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
View
4 activeresource/CHANGELOG
@@ -1,3 +1,7 @@
+## Rails 3.0.16 (Jul 26, 2012)
+
+* No changes.
+
## Rails 3.0.14 (Jun 12, 2012)
* No changes.
View
2  activeresource/lib/active_resource/version.rb
@@ -2,7 +2,7 @@ module ActiveResource
module VERSION #:nodoc:
MAJOR = 3
MINOR = 0
- TINY = 15
+ TINY = 16
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
View
4 activesupport/CHANGELOG
@@ -1,3 +1,7 @@
+## Rails 3.0.16 (Jul 26, 2012)
+
+* No changes.
+
## Rails 3.0.14 (Jun 12, 2012)
* No changes.
View
2  activesupport/lib/active_support/version.rb
@@ -2,7 +2,7 @@ module ActiveSupport
module VERSION #:nodoc:
MAJOR = 3
MINOR = 0
- TINY = 15
+ TINY = 16
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
View
4 railties/CHANGELOG
@@ -1,3 +1,7 @@
+## Rails 3.0.16 (Jul 26, 2012)
+
+* No changes.
+
## Rails 3.0.14 (Jun 12, 2012)
* No changes.
View
2  railties/lib/rails/version.rb
@@ -2,7 +2,7 @@ module Rails
module VERSION #:nodoc:
MAJOR = 3
MINOR = 0
- TINY = 15
+ TINY = 16
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
View
2  version.rb
@@ -2,7 +2,7 @@ module Rails
module VERSION #:nodoc:
MAJOR = 3
MINOR = 0
- TINY = 15
+ TINY = 16
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')

No commit comments for this range

Something went wrong with that request. Please try again.