-
rails (1.2.4-1ubuntu1.1) gutsy-security; urgency=low
* SECURITY UPDATE: Session fixation attack via broken :cookie_only
attribute. (LP: #173203)
* debian/patches/20_CVE-2007-6077: Fix broken session fixation catching.
Patch from upstream bug.
* References
CVE-2007-6077
-- William Grant <email address hidden> Sat, 01 Dec 2007 20:09:54 +1100
-
rails (1.2.4-1ubuntu1) gutsy; urgency=low
* debian/control:
+ Remove libmocha-ruby1.8 from Depends for rails.
It's not included in gutsy and only used for unit tests.
+ Modify Maintainer value to match DebianMaintainerField spec.
* UVF exception: LP: #151078
rails (1.2.4-1) unstable; urgency=low
* New upstream release. Fixes at least 2 XSS bugs.
+ Secure #sanitize, #strip_tags, and #strip_links helpers against
XSS attacks. Upstream changeset 7589
+ to_json did not escape values which allows for XSS. Applied
upstream changesets 6893, 6894. This bug has also been assigned
designation CVE-2007-3227 (closes: #429177)
* Add dependency on Sqlite3 as ActiveRecord supports this DB as
well
* Add dependency on libmocha which is needed by some unit tests
-- Michael Bienia <email address hidden> Tue, 09 Oct 2007 23:01:26 +0200
-
rails (1.2.3-2) unstable; urgency=low
* Add mojo for doc-base document registration thanks to the patch by
Remi Vanicat. (closes: 386689)
* Upload to Sid now that Etch is out
rails (1.2.3-1) experimental; urgency=low
* New upstream release
rails (1.2.2-2) experimental; urgency=low
* We cannot remove the link vendor/rails, but we can point it so it
is not recursive. Recursive links seem to break eclipse and lack
of vendor/rails breaks rails.
The link target will create a non-recursive link, but a rails
deployment that copies the rails directories will still contain a
recursive symlink. The problem is really in Eclipse though. It
should handle recursive symlinks.
rails (1.2.2-1) experimental; urgency=low
* New upstream release (closes: #408688)
* Remove link that crashes eclipse (closes: #405344)
-- Steve Kowalik <email address hidden> Wed, 09 May 2007 16:55:16 +0100
-
rails (1.2.1-0ubuntu1) feisty; urgency=low
* New upstream release.
* Fix debian/rules to deal with the new 1.2 layout.
* Fix the 10_localhost patch to apply.
* Add Build-Depends on rubygems.
rails (1.1.6-3) unstable; urgency=low
* Remove the 12_options patch which actually breaks select.
(closes: #406658)
rails (1.1.6-2) unstable; urgency=low
* [12_options] Fixes inconsistent behavior of select helper
functions.
* Added libfcgi-ruby1.8 to Suggests
* Conflict with libdevel-logger-ruby1.8 until after Etch is released
(closes: #405555)
-- Steve Kowalik <email address hidden> Sun, 4 Feb 2007 23:30:49 +1100