File rubygem-actionpack-2_0.changes of Package rubygem-actionpack-2_0

File rubygem-actionpack-2_0.changes of Package rubygem-actionpack-2_0 (Revision 2)

Currently displaying revision 2, show latest

-------------------------------------------------------------------
Thu Jan 17 15:43:46 CET 2008 - mrueckert@suse.de

- update to version 1.13.6
  * Correct Broken Fix for session_fixation attacks
  * Ensure that cookies handle array values correctly.
    Closes #9937 [queso]
- branch new packge rubygem-actionpack-1_13 to allow parallel
  installation of multiple major branches
- removed rubygem-actionpack-1.13.x_session_fixation_attack.patch
  included in update

-------------------------------------------------------------------
Fri Nov 23 00:33:20 CET 2007 - mrueckert@suse.de

- updated rubygem-actionpack-1.13.x_session_fixation_attack.patch
  new name rubygem-actionpack-1.13.x_session_fixation_attack_v2.patch:
  The original upstream patch only worked for the first request.
  Do not delete the cookie_only option from the session options.
  (#332441) (CVE-2007-6077)

-------------------------------------------------------------------
Wed Oct 17 16:48:01 CEST 2007 - mrueckert@suse.de

- added rubygem-actionpack-1.13.x_session_fixation_attack.patch:
  Reject session informations from the query string (#332441)
  (CVE-2007-5380)

-------------------------------------------------------------------
Wed Oct 17 17:52:39 CEST 2007 - mrueckert@suse.de

- update to version 1.13.5
  * Backport: allow array and hash query parameters. Array route
    parameters are converted/to/a/path as before.
    #6765, #7047, #7462
    [bgipsy, Jeremy McAnally, Dan Kubb, brendan, Diego Algorta Casamayou]
  * Fix in place editor's setter action with non-string fields.
    #7418 [Andreas]
- additional changes from version 1.13.4
  * Only accept session ids from cookies, prevents session fixation
    attacks.  [bradediger] (CVE-2007-5380) (bnc #332441)
  * Change the resource seperator from ; to / change the generated
    routes to use the new-style named routes.  e.g.
    new_group_user_path(@group) instead of
    group_new_user_path(@group). [pixeltrix]
  * Integration tests: introduce methods for other HTTP methods.
    #6353 [caboose]
  * Improve performance of action caching. Closes #8231 [skaes]
  * Fix errors with around_filters which do not yield, restore 1.1
    behaviour with after filters. Closes #8891 [skaes]
    After filters will *no longer* be run if an around_filter fails
    to yield, users relying on this behaviour are advised to put
    the code in question after a yield statement in an around
    filter.
  * Allow you to delete cookies with options.
    Closes #3685 [josh, Chris Wanstrath]
  * Deprecate pagination. Install the classic_pagination
    plugin for forward compatibility, or move to the superior
    will_paginate plugin.  #8157 [Mislav Marohnic]
  * Fix filtered parameter logging with nil parameter values.
    #8422 [choonkeat]
  * Integration tests: alias xhr to xml_http_request and add a
    request_method argument instead of always using POST.
    #7124 [Nik Wakelin, Francois Beausoleil, Wizard]
  * Document caches_action.  #5419 [Jarkko Laine]
  * observe_form always sends the serialized form.
    #5271 [manfred, normelton@gmail.com]
  * Update UrlWriter to accept :anchor parameter.
    Closes #6771. [octopod]
  * Replace the current block/continuation filter chain handling by
    an implementation based on a simple loop.
    Closes #8226 [Stefan Kaes]
  * Return the string representation from an Xml Builder when
    rendering a partial.  #5044 [tpope]
  * Cleaned up, corrected, and mildly expanded ActionPack
    documentation.  Closes #7190 [jeremymcanally]
  * Small collection of ActionController documentation cleanups.
    Closes #7319 [jeremymcanally]
  * Performance: patch cgi/session/pstore to require digest/md5
    once rather than per #initialize.  #7583 [Stefan Kaes]
  * Deprecation: verification with :redirect_to => :named_route
    shouldn't be deprecated.  #7525 [Justin French]

-------------------------------------------------------------------
Mon May 14 16:32:28 CEST 2007 - mrueckert@suse.de

- update to version 1.13.3:
  * Fix a bug in Routing where a parameter taken from the path of
    the current request could not be used as a query parameter for
    the next.  #6752 [Nicholas Seckar]
  * session_enabled? works with session :off.  #6680 [Catfish]
  * Performance: patch cgi/session to require digest/md5 once
    rather than per #create_new_id.  [Stefan Kaes]
- additional changes from 1.13.2:
  *  Add much-needed html-scanner tests.  Fixed CDATA parsing bug.
     [Rick]
  *  improve error message for Routing for named routes.
     [Rob Sanheim]
  *  Added enhanced docs to routing assertions. [Rob Sanheim]
  *  fix form_for example in ActionController::Resources
     documentation. [gnarg]
  *  Add singleton resources from trunk [Rick Olson]
  *  select :multiple => true suffixes the attribute name with []
     unless already suffixed.  #6977 [nik.kakelin, ben, julik]
  *  Improve routes documentation.  #7095 [zackchandler]
  *  Resource member routes require :id, eliminating the ambiguous
     overlap with collection routes.  #7229 [dkubb]
  *  Fixed NumberHelper#number_with_delimiter to use "." always
     for splitting the original number, not the delimiter
     parameter #7389 [ceefour]
  *  Autolinking recognizes trailing and embedded . , : ;  
     #7354 [Jarkko Laine]
  *  Make TextHelper::auto_link recognize URLs with colons in
     path correctly, fixes #7268.  [imajes]
  *  Improved auto_link to match more valid urls correctly
     [Tobias Luetke]

-------------------------------------------------------------------
Wed Jan 24 00:57:59 CET 2007 - mrueckert@suse.de

- update to version 1.13.1:
  update for rails 1.2.1. Too many changes to mention them here.
  see /usr/lib*/ruby/gems/1.8/gems/actionpack-1.13.1/CHANGELOG

-------------------------------------------------------------------
Fri Aug 11 02:33:25 CEST 2006 - mrueckert@suse.de

- update to version 1.12.5:
  * update for the previous security fix

-------------------------------------------------------------------
Thu Aug 10 12:40:16 CEST 2006 - mrueckert@suse.de

- update to version 1.12.4:
  * Documentation fix: integration test scripts don't require
    integration_test. (rails:#4914) [Frederick Ros <sl33p3r@free.fr>]
  * ActionController::Base Summary documentation rewrite.
    (rails:#4900) [kevin.clark@gmail.com]
  * Fix text_helper.rb documentation rendering. 
    (rails:#4725) [Frederick Ros]
  * Fixes bad rendering of JavaScriptMacrosHelper rdoc.
    (rails:#4910) [Frederick Ros]
  * Enhance documentation for setting headers in integration tests.
    Skip auto HTTP prepending when its already there.
    (rails:#4079) [Rick Olson]
  * Documentation for AbstractRequest.
    (rails:#4895) [kevin.clark@gmail.com]
  * Remove all remaining references to @params in the documentation.
    [Marcel Molina Jr.]
  * Add documentation for redirect_to :back's RedirectBackError
    exception.  [Marcel Molina Jr.]
  * Update layout and content_for documentation to use yield rather
    than magic @content_for instance variables. [Marcel Molina Jr.]
  * Cache CgiRequest#request_parameters so that multiple calls
    don't re-parse multipart data. [Rick]
  * Fixed that remote_form_for can leave out the object parameter
    and default to the instance variable of the object_name,
    just like form_for [DHH]
  * Added ActionController.filter_parameter_logging that makes it
    easy to remove passwords, credit card numbers, and other
    sensitive information from being logged when a request is
    handled. (rails:#1897) [jeremye@bsa.ca.gov]
  * Fixed that real files and symlinks should be treated the same
    when compiling templates.
    (rails:#5438) [zachary@panandscan.com]
  * Add :status option to send_data and send_file. Defaults to
    '200 OK'. (rails:#5243)
    [Manfred Stienstra <m.stienstra@fngtps.com>]
  * Update documentation for erb trim syntax.
    (rails:#5651) [matt@mattmargolis.net]
  * Short documentation to mention use of Mime::Type.register.
    (rails:#5710) [choonkeat@gmail.com]

-------------------------------------------------------------------
Sat Jul  1 04:21:38 CEST 2006 - mrueckert@suse.de

- update to version 1.12.3:
  * Fix broken traverse_to_controller. We now:
    Look for a _controller.rb file under RAILS_ROOT to load.
    If we find it, we require_dependency it and return the
    controller it defined.  (If none was defined we stop looking.)
    If we don't find it, we look for a .rb file under RAILS_ROOT
    to load. If we find it, and it loads a constant we keep
    looking.  Otherwise we check to see if a directory of the same
    name exists, and if it does we create a module for it.
  * Refinement to avoid exceptions in traverse_to_controller.
  * (Hackish) Fix loading of arbitrary files in Ruby's load path
  * by traverse_to_controller. [Nicholas Seckar]

-------------------------------------------------------------------
Wed Jun 21 01:06:03 CEST 2006 - mrueckert@suse.de

- use rubygems_with_buildroot_patch instead of the versioned
  buildrequires

-------------------------------------------------------------------
Mon Jun 19 18:37:41 CEST 2006 - mrueckert@suse.de

- Initial package version 1.12.1