Change logs for rails source package in Hardy

  • rails (2.0.2-1ubuntu1) hardy; urgency=low
    
      * Post Feature Freeze upload (LP: #198160)
      * Change maintainer to MOTU
      * Add 20_fix_cp.dpatch to fix copy in doc package build and avoid FTBFS
        - Patch thanks to Michael Milligan
    
    rails (2.0.2-1) unstable; urgency=low
    
      * New upstream release
        + SQLite3 is now the default database, instead of MySQL
        + [config/environments/production.rb] production mode will now
        longer cache templates meaning they will load A LOT faster but for
        any changes to appear, one will have to reload the entire
        application.
    
    rails (2.0.1-2) unstable; urgency=low
    
      * Added Pre-Depends on dpkg (>= 1.10.24) as a workaround to Debian
        install scripts do not seem to be updated since beginning
        of century. Can't upload bzip2 deb compressed deb without adding
        this superfluous depend.
      * Move libmocha-ruby1.8 from Depends to Recommends as it is only
        needed for unit testing.
      * Give in and depend on libruby1.8-extras. We need this to satisfy
        dependencies on OpenSSL and the ever so popular rubygems, though
        rails will continue to work if rubygems 'gem' fails.
    
    rails (2.0.1-1) unstable; urgency=low
    
      * New upstream release (closes: #454909)
         + ActionWebservice is no more - rolled into ActionResource
         + SOAP support removed
      * Use bzip2 to compress the deb, instead of the default (gzip)
      * Update Standards version to 3.7.3 - no changes needed
      * Added a lot more exceptions to lintian checks - rails does not
        need all script executable.
    
     -- Scott Kitterman <email address hidden>   Wed, 05 Mar 2008 21:05:42 -0500
  • rails (1.2.6-1) unstable; urgency=high
    
      * New upstream release
        + Fixes a previous session-fixation attack vector that was not
        completely fixed (see 1.2.5-1 changelog) [CVE-2007-6077] (closes:
        #452748)
      * Use bash syntax in bash script instead of ruby syntax. Fixes the
        -I/--internal parameter so one can pass switches directly to the
        upstream rails ruby script (closes: #381295, #390886)
    
     -- Ubuntu Archive Auto-Sync <email address hidden>   Fri,  30 Nov 2007 13:12:19 +0000
  • rails (1.2.5-1) unstable; urgency=high
    
      * This is a new upstream release that addresses problems not
        corrected in 1.2.4 or regressions.
        + to_json XSS [CVE-2007-3227] is really closed now
        + Potential Information Disclosure or DoS with Hash#from_xml
          [CVE-2007-5379]
        + Session Fixation attacks. [CVE-2007-5380] URL based sessions are
        now disabled by default. Session ids are only accepted from
        cookies by default now.
      [Micah Anderson]
      * Urgency set to high due to security issues addressed
    
     -- William Grant <email address hidden>   Mon,  19 Nov 2007 10:11:03 +0000
  • rails (1.2.4-1ubuntu1) gutsy; urgency=low
    
      * debian/control:
        + Remove libmocha-ruby1.8 from Depends for rails.
          It's not included in gutsy and only used for unit tests.
        + Modify Maintainer value to match DebianMaintainerField spec.
      * UVF exception: LP: #151078
    
    rails (1.2.4-1) unstable; urgency=low
    
      * New upstream release. Fixes at least 2 XSS bugs.
        + Secure #sanitize, #strip_tags, and #strip_links helpers against
        xss attacks. Upstream changeset 7589
        + to_json did not escape values which allows for XSS. Applied
        upstream changesets 6893, 6894. This bug has also been assigned
        designation CVE-2007-3227 (closes: #429177)
      * Add dependency on Sqlite3 as ActiveRecord supports this DB as
        well
      * Add dependency on libmocha which is needed by some unit tests
    
     -- Michael Bienia <email address hidden>   Tue, 09 Oct 2007 23:01:26 +0200