-
rails (2.2.3-1) unstable; urgency=high
* New upstream release (closes: #545063)
+ Fixes XSS security hole [CVE-2009-3009]
+ Fixes timing issue with cookie store [CVE-2009-3086]
* Remove dependency on ruby-dbi, as it is not required by any of the
sources.
* Correct dependency on fixed libxml-simple-ruby to 1.0.11-2 or later
(closes: #538982)
* debian/control
+ Change section from web to ruby
+ Updated to debhelper 7.0+
+ Standards updated to 3.8.3 - no changes
-- Scott Kitterman <email address hidden> Fri, 11 Sep 2009 13:53:42 -0500
-
rails (2.2.2-1.1) unstable; urgency=low
* Non-maintainer upload.
* Build-depends on rubygems. (Closes: #522009)
-- fabrice_sp <email address hidden> Sat, 15 Aug 2009 15:20:16 +0100
-
rails (2.2.2-1) unstable; urgency=low
* New upstream release (closes: #510580, 510580)
+ fixes the problem with migration with symbolic field types
(closes: #511860)
* debian/control:
+ Depend on Rake 0.8.3 or later
+ Build-Depends-Indep on libmocha-ruby for unit tests
+ Move most of the build dependencies to Build-Depends-Indep
+ Remove the predepends as Lenny is released
* Load XMLSimple without specifying a path (closes: #514582)
* Add an explanation how to configure non-packaged rails adds to work
with Debian version of rails. Also include a tiny script to help in
this effort. Tomas Pospisek provided the patch. (closes: #499187)
-- Ubuntu Archive Auto-Sync <email address hidden> Wed, 29 Apr 2009 12:10:14 +0100
-
rails (2.1.0-6) unstable; urgency=high
* Some browsers may submit 'text/plain' content type as part of POST
request. ActionController passed these requests through, sidestepping
the CSRF protection given by protect_from_forgery. Patch from
upstream removes 'text/plain' encoding from the "ignore list".
-- Ubuntu Archive Auto-Sync <email address hidden> Wed, 19 Nov 2008 13:53:37 +0000
