Change log for rails package in Ubuntu
| 76 → 116 of 116 results | First • Previous • Next • Last |
rails (2:4.1.6-2) unstable; urgency=medium
* fix upgrades from wheezy:
- Remove Breaks: against old packages provided by previous versions of
Rails The Replaces: fields, left untouched, outght to be enough.
- ruby-actionview: Replaces ruby-actionpack-{2.3,3.2} since
ruby-actionview contains files that used to be in ruby-actionpack-*
- ruby-railties: Breaks/Replaces rails (<< 2:4) since ruby-railties
contains /usr/bin/rails which used to be in rails.
* debian/copyright: minor updates
-- Antonio Terceiro <email address hidden> Tue, 30 Sep 2014 18:33:36 -0300
Available diffs
- diff from 2:4.1.4-5 to 2:4.1.6-2 (46.6 KiB)
rails (2:4.1.4-5) unstable; urgency=medium
* ruby-actionmailer: relax dependency on ruby-mail to work with the 2.6.x
series
-- Antonio Terceiro <email address hidden> Mon, 04 Aug 2014 14:38:18 -0300
Available diffs
- diff from 2:4.1.4-4 to 2:4.1.4-5 (679 bytes)
rails (2:4.1.4-4) unstable; urgency=medium
* ruby-rails:
- add Recommends:
- ruby-jquery-rails
- ruby-coffee-rails
- ruby-sqlite3
- ruby-sass-rails
- ruby-uglifier
- ruby-spring
- ruby-turbolinks
- ruby-jbuilder
- ruby-sdoc
- add Breaks/Replaces: rails3
- bump Depends: ruby-sprockets-rails to (>= 2.1.3-1~)
- add Depends: ruby-treetop
- move ruby-activesuppport-3.2 from Breaks: to Conflicts:
- remove Breaks: rails (<< 2:4.1) since we now also provide a
`rails`` binary
* ruby-railties:
- remove Breaks: rails (<< 3:3.2.0)
* ruby-actionmailer:
- drop Depends: ruby-mail (<< 2.6)
cfe https://github.com/rails/rails/commit/bb0890d
* debian/tests/control: fix test dependencies to rails and *not* rails-3.2;
add needs-recommends instead of explicitly listing the recommended
packages
* debian/patches/mona_lisa.jpg_is_PD-Art_and_has_been_removed.patch: removed
as it does not make sense anymore (mona_lisa.jpg is just there).
-- Antonio Terceiro <email address hidden> Sun, 03 Aug 2014 00:24:26 -0300
Available diffs
- diff from 2:4.1.4-3 to 2:4.1.4-4 (3.8 KiB)
rails (2:4.1.4-3) unstable; urgency=medium * Re-add `rails` binary package * Improve description for ruby-railties -- Antonio Terceiro <email address hidden> Sat, 26 Jul 2014 10:12:46 -0300
Available diffs
- diff from 2:4.1.4-2 to 2:4.1.4-3 (1.1 KiB)
rails (2:4.1.4-2) unstable; urgency=medium
[ Antonio Terceiro ]
* Don't install nonsensical binary from activesupport
[ Ondřej Surý ]
* Merge autopkgtests from rails-3.2
* Add missing sources for shCore.js and jquery.min.js
* Upload to unstable since no objections were raised to the RoR Debian
transition plan
* Remove repack script since there's nothing non-free in the upstream
tarball (Closes: #742407)
* Keep the guides/ (CC-BY-SA-3.0) and mona_lisa.jpg (PD), but document
that in d/copyright
-- Ondřej Surý <email address hidden> Wed, 16 Jul 2014 17:19:07 +0200
| Superseded in vivid-release |
| Obsolete in utopic-release |
| Published in trusty-release |
| Obsolete in saucy-release |
| Deleted in saucy-proposed (Reason: moved to release) |
rails (2:3.2.13+1) unstable; urgency=low [ Cédric Boutillier ] * debian/control: remove obsolete DM-Upload-Allowed flag * Use canonical URI in Vcs-* fields [ Ondřej Surý ] * Upload Rail 3.2 as default version to unstable. * Add ruby-activemodel and ruby-railties dummy packages -- Ondřej Surý <email address hidden> Mon, 27 May 2013 14:37:22 +0200
Available diffs
- diff from 2:2.3.14.2 to 2:3.2.13+1 (4.3 KiB)
rails (2:2.3.14.2) unstable; urgency=low
* Introduce epoch to fix mistake when ruby-activerecord-3.2 provided
ruby-activerecord with a higher version number (3.2...). The rightfull
ruby-activerecord is the one provided by this package (Closes: #674810).
* debian/control:
+ Add myself to Uploaders:
+ Put transtional package with Priority: extra
+ Bump standards version to 3.9.3; no further changes needed
-- Antonio Terceiro <email address hidden> Thu, 14 Jun 2012 17:49:36 -0300
Available diffs
rails (2.3.5-1.2ubuntu1.1) natty-security; urgency=low
* SECURITY UPDATE: multiple cross-site scripting (XSS) vulnerabilities in
the mail_to helper
- Add 0001-Be-sure-to-javascript_escape-the-email-address-to-pr.patch
from Debian and fix Debian bug #629067 by replacing .html_safe with
html_escape()
- https://groups.google.com/group/rubyonrails-security/browse_thread/thread/f02a48ede8315f81
- CVE-2011-0446
- LP: #870846
* SECURITY UPDATE: rails does not properly validate HTTP requests that
contain an X-Requested-With header
- Add 0002-Change-the-CSRF-whitelisting-to-only-apply-to-get-re.patch
from Debian
- https://groups.google.com/group/rubyonrails-security/browse_thread/thread/2d95a3cc23e03665
- CVE-2011-0447
* SECURITY UPDATE: multiple SQL injection vulnerabilities in the
quote_table_name method in the ActiveRecord adapters
- Add CVE-2011-2930.patch from Debian
- https://groups.google.com/group/rubyonrails-security/browse_thread/thread/6a1e473744bc389b
- CVE-2011-2930
* SECURITY UPDATE: cross-site scripting (XSS) vulnerability in the
strip_tags helper
- Add CVE-2011-2931.patch from Debian
- https://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b9130749b74ea12
- CVE-2011-2931
* SECURITY UPDATE: cross-site scripting vulnerability which allows remote
attackers to inject arbitrary web script or HTML via a malformed Unicode string
- Add CVE-2011-2932.patch, backported from upstream
- https://groups.google.com/group/rubyonrails-security/browse_thread/thread/56bffb5923ab1195
- CVE-2011-2932
* SECURITY UPDATE: response splitting vulnerability
- Add CVE-2011-3186.patch from Debian
- https://groups.google.com/group/rubyonrails-security/browse_thread/thread/6ffc93bde0298768
- CVE-2011-3186
-- Felix Geyer <email address hidden> Wed, 12 Oct 2011 20:05:02 +0200
Available diffs
rails (2.3.5-1.1ubuntu0.1) maverick-security; urgency=low
* SECURITY UPDATE: multiple cross-site scripting (XSS) vulnerabilities in
the mail_to helper
- Add 0001-Be-sure-to-javascript_escape-the-email-address-to-pr.patch
from Debian and fix Debian bug #629067 by replacing .html_safe with
html_escape()
- https://groups.google.com/group/rubyonrails-security/browse_thread/thread/f02a48ede8315f81
- CVE-2011-0446
- LP: #870846
* SECURITY UPDATE: rails does not properly validate HTTP requests that
contain an X-Requested-With header
- Add 0002-Change-the-CSRF-whitelisting-to-only-apply-to-get-re.patch
from Debian
- https://groups.google.com/group/rubyonrails-security/browse_thread/thread/2d95a3cc23e03665
- CVE-2011-0447
* SECURITY UPDATE: multiple SQL injection vulnerabilities in the
quote_table_name method in the ActiveRecord adapters
- Add CVE-2011-2930.patch from Debian
- https://groups.google.com/group/rubyonrails-security/browse_thread/thread/6a1e473744bc389b
- CVE-2011-2930
* SECURITY UPDATE: cross-site scripting (XSS) vulnerability in the
strip_tags helper
- Add CVE-2011-2931.patch from Debian
- https://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b9130749b74ea12
- CVE-2011-2931
* SECURITY UPDATE: cross-site scripting vulnerability which allows remote
attackers to inject arbitrary web script or HTML via a malformed Unicode string
- Add CVE-2011-2932.patch, backported from upstream
- https://groups.google.com/group/rubyonrails-security/browse_thread/thread/56bffb5923ab1195
- CVE-2011-2932
* SECURITY UPDATE: response splitting vulnerability
- Add CVE-2011-3186.patch from Debian
- https://groups.google.com/group/rubyonrails-security/browse_thread/thread/6ffc93bde0298768
- CVE-2011-3186
-- Felix Geyer <email address hidden> Wed, 12 Oct 2011 18:48:13 +0200
Available diffs
rails (2.2.3-2ubuntu0.1) lucid-security; urgency=low
* SECURITY UPDATE: multiple cross-site scripting (XSS) vulnerabilities in
the mail_to helper
- backported fix from upstream:
actionpack/test/template/url_helper_test.rb
actionpack/lib/action_view/helpers/url_helper.rb
- https://groups.google.com/group/rubyonrails-security/browse_thread/thread/f02a48ede8315f81
- CVE-2011-0446
- LP: #870846
* SECURITY UPDATE: rails does not properly validate HTTP requests that
contain an X-Requested-With header
- patch from upstream:
actionpack/test/controller/request_forgery_protection_test.rb
actionpack/lib/action_view/helpers.rb
actionpack/lib/action_view/helpers/csrf_helper.rb
actionpack/lib/action_controller/request_forgery_protection.rb
- https://groups.google.com/group/rubyonrails-security/browse_thread/thread/2d95a3cc23e03665
- CVE-2011-0447
* SECURITY UPDATE: multiple SQL injection vulnerabilities in the
quote_table_name method in the ActiveRecord adapters
- patch from upstream:
activerecord/test/cases/base_test.rb
activerecord/lib/active_record/connection_adapters/mysql_adapter.rb
activerecord/lib/active_record/connection_adapters/sqlite_adapter.rb
- https://groups.google.com/group/rubyonrails-security/browse_thread/thread/6a1e473744bc389b
- CVE-2011-2930
* SECURITY UPDATE: cross-site scripting (XSS) vulnerability in the
strip_tags helper
- patch from upstream:
actionpack/test/controller/html-scanner/sanitizer_test.rb
actionpack/lib/action_controller/vendor/html-scanner/html/node.rb
- https://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b9130749b74ea12
- CVE-2011-2931
* SECURITY UPDATE: cross-site scripting vulnerability which allows remote
attackers to inject arbitrary web script or HTML via a malformed Unicode string
- backported fix from upstream:
actionpack/lib/action_view/template_handlers/erb.rb
actionpack/test/template/erb_util_test.rb
- https://groups.google.com/group/rubyonrails-security/browse_thread/thread/56bffb5923ab1195
- CVE-2011-2932
* SECURITY UPDATE: response splitting vulnerability
- patch from upstream:
actionpack/test/controller/content_type_test.rb
actionpack/lib/action_controller/response.rb
- https://groups.google.com/group/rubyonrails-security/browse_thread/thread/6ffc93bde0298768
- CVE-2011-3186
-- Felix Geyer <email address hidden> Sat, 08 Oct 2011 17:26:54 +0200
Available diffs
rails (2.3.14.1) unstable; urgency=low
* Add transitional packages from old rails package to the new
packaging system
Available diffs
- diff from 2.3.11-0.1 to 2.3.14.1 (2.1 MiB)
| Superseded in oneiric-release |
rails (2.3.11-0.1) unstable; urgency=medium
* Non-maintainer upload.
* Imported Upstream version 2.3.11 (Closes: #616456)
+ Works with rubygems 1.6.x (Closes: #622829, #618221)
+ Fix XSS Risk in mail_to :encode=>:javascript [CVE-2011-0446]
+ Fix CSRF Bypass Risk: [CVE-2011-0447] (Closes: #614864)
+ I18N interpolation deprecation was removed in v2.3.6 (Closes: #546037)
* Update dependencies on tmail (>= 1.2.7) and i18n (>= 0.4.1)
* Adapt patches to the new release
* Add Breaks: redmine (<< 1.1.3-1)
* Add rubygems{1.8,1.9.1} dependency to all packages (Closes: #587767)
-- Felix Geyer <email address hidden> Thu, 11 Aug 2011 00:26:34 +0000
Available diffs
- diff from 2.3.5-1.2ubuntu1 to 2.3.11-0.1 (448.3 KiB)
rails (2.3.5-1.2ubuntu1) natty; urgency=low
* debian/patches/cdata-and-white-space-handling.patch: Handle CDATA and
improve white space handling, fixing a Segmentation Fault in some
circumstances. Patch based on subset of upstream commit range.
(LP: #670571)
-- Dave Walker (Daviey) <email address hidden> Wed, 16 Mar 2011 01:03:12 +0000
Available diffs
- diff from 2.3.5-1.2 to 2.3.5-1.2ubuntu1 (1.7 KiB)
rails (2.3.5-1.2) unstable; urgency=high
* Non-maintainer upload.
[ Laurent Bigonville ]
* Fix documentation about default listening address (Closes: #583149)
[ Gunnar Wolf ]
* Modified a string that recommends the user to do Very Bad Things
(Closes: #603048)
-- Ubuntu Archive Auto-Sync <email address hidden> Thu, 30 Dec 2010 11:14:48 +0000
Available diffs
- diff from 2.3.5-1.1 to 2.3.5-1.2 (1.7 KiB)
rails (2.3.5-1.1) unstable; urgency=low
* Non-maintainer upload.
* Added missing build-dependencies for rails-ruby1.8 on libactionpack-
ruby1.8, libactionmailer-ruby1.8 and libactiveresource-ruby1.8
(Closes: #587048)
* Fixed broken symlink to railties on new project generator (Closes:
#583219)
-- Micah Gersten <email address hidden> Thu, 26 Aug 2010 12:36:28 -0500
Available diffs
- diff from 2.3.5-1 to 2.3.5-1.1 (1.6 KiB)
rails (2.3.5-1) unstable; urgency=low
* New upstream release (closes: #547658)
* Package is now split up and non-core rails components, like AR, are on
the ruby load path. (closes: #469524, #517328)
* debian/control
+ Depend on rubygems.
+ Suggest thin or thin1.8 as a possible server to run your production
environment on. This is particularly useful if it is already being
proxied.
+ xml-simple is no longer used by rails
+ Updated Standard to 3.8.4
-- Ubuntu Archive Auto-Sync <email address hidden> Thu, 27 May 2010 09:26:01 +0100
Available diffs
- diff from 2.2.3-2 to 2.3.5-1 (1.4 MiB)
rails (2.2.3-2) unstable; urgency=high
* Make sure strip_tags removes tags which start with a non-printable
character. (closes: #558685) [CVE-2009-4214]
* Merge in a few additional encoding changes.
-- Ubuntu Archive Auto-Sync <email address hidden> Thu, 04 Feb 2010 17:27:11 +0000
Available diffs
- diff from 2.2.3-1 to 2.2.3-2 (1.8 KiB)
rails (2.2.3-1) unstable; urgency=high
* New upstream release (closes: #545063)
+ Fixes XSS security hole [CVE-2009-3009]
+ Fixes timing issue with cookie store [CVE-2009-3086]
* Remove dependency on ruby-dbi, as it is not required by any of the
sources.
* Correct dependency on fixed libxml-simple-ruby to 1.0.11-2 or later
(closes: #538982)
* debian/control
+ Change section from web to ruby
+ Updated to debhelper 7.0+
+ Standards updated to 3.8.3 - no changes
-- Scott Kitterman <email address hidden> Fri, 11 Sep 2009 13:53:42 -0500
Available diffs
- diff from 2.2.2-1.1 to 2.2.3-1 (30.2 KiB)
rails (2.2.2-1.1) unstable; urgency=low * Non-maintainer upload. * Build-depends on rubygems. (Closes: #522009) -- fabrice_sp <email address hidden> Sat, 15 Aug 2009 15:20:16 +0100
Available diffs
- diff from 2.2.2-1 to 2.2.2-1.1 (567 bytes)
rails (2.2.2-1) unstable; urgency=low
* New upstream release (closes: #510580, 510580)
+ fixes the problem with migration with symbolic field types
(closes: #511860)
* debian/control:
+ Depend on Rake 0.8.3 or later
+ Build-Depends-Indep on libmocha-ruby for unit tests
+ Move most of the build dependencies to Build-Depends-Indep
+ Remove the predepends as Lenny is released
* Load XMLSimple without specifying a path (closes: #514582)
* Add an explanation how to configure non-packaged rails adds to work
with Debian version of rails. Also include a tiny script to help in
this effort. Tomas Pospisek provided the patch. (closes: #499187)
-- Ubuntu Archive Auto-Sync <email address hidden> Wed, 29 Apr 2009 12:10:14 +0100
Available diffs
- diff from 2.1.0-6 to 2.2.2-1 (1.3 MiB)
rails (2.1.0-6) unstable; urgency=high
* Some browsers may submit 'text/plain' content type as part of POST
request. ActionController passed these requests through, sidestepping
the CSRF protection given by protect_from_forgery. Patch from
upstream removes 'text/plain' encoding from the "ignore list".
-- Ubuntu Archive Auto-Sync <email address hidden> Wed, 19 Nov 2008 13:53:37 +0000
Available diffs
- diff from 2.1.0-5 to 2.1.0-6 (694 bytes)
rails (2.1.0-5) unstable; urgency=high
* Sanitize the URLs passed to redirect_to to prevent a potential
response splitting attack. Patch from upstream.
-- Ubuntu Archive Auto-Sync <email address hidden> Wed, 05 Nov 2008 17:55:42 +0000
Available diffs
- diff from 2.1.0-4 to 2.1.0-5 (782 bytes)
rails (2.1.0-4) unstable; urgency=low
* Added a fix for binary data corruption with PostgreSQL backend. This
occurred whenever the binary data included ASCII value of \ followed
by three numbers.
* The fix in ActiveRecord to address SQL injection in :limit and :offset
was not complete. MySQL backend was still affected as it redefined the
problematic functions. Pulled in upstream patch.
Available diffs
- diff from 2.1.0-2 to 2.1.0-4 (3.1 KiB)
rails (2.1.0-2) unstable; urgency=low
* Remove dependency on rubygems for the build process. (closes:
#490419)
* Use also use Debian supplied gems 'builder' and 'xml-simple'
instead of using the upstream's supplied version, which is
redundant.
* Remove extraneous depends on rubygems. It is already depended on
through libruby1.8-extras (closes: #491125)
-- Scott Kitterman <email address hidden> Thu, 24 Jul 2008 08:55:14 +0100
Available diffs
- diff from 2.1.0-1ubuntu1 to 2.1.0-2 (1.8 KiB)
| Superseded in intrepid-release |
rails (2.1.0-1ubuntu1) intrepid; urgency=low
[ Ryan Niebur ]
* Non-maintainer upload.
* NMU to fix RC bugs.
* Build depend on rubygems (closes: #490419)
* Depend on the rubygems package in sid or the one in lenny (closes: #491125)
[ Scott Kitterman ]
* Update to rails 2.1 and grab proposed NMU for Ubuntu so it builds
(LP: #236966)
Available diffs
- diff from 2.0.2-2 to 2.1.0-1ubuntu1 (906.0 KiB)
rails (2.0.2-2) unstable; urgency=low
* Added upstream patch from ticket #11127 to support the newer
ruby-pg. (closes: #476449)
* Added dependency on rubygems (closes: #468206)
* Sqlite3 is now the default DB used, if another is not specified when
the project is initially created. (closes: #468803)
rails (2.0.2-1ubuntu1) hardy; urgency=low * Post Feature Freeze upload (LP: #198160) * Change maintainer to MOTU * Add 20_fix_cp.dpatch to fix copy in doc package build and avoid FTBFS - Patch thanks to Michael Milligan
rails (1.2.4-1ubuntu1.1) gutsy-security; urgency=low
* SECURITY UPDATE: Session fixation attack via broken :cookie_only
attribute. (LP: #173203)
* debian/patches/20_CVE-2007-6077: Fix broken session fixation catching.
Patch from upstream bug.
* References
CVE-2007-6077
-- William Grant <email address hidden> Sat, 01 Dec 2007 20:09:54 +1100
rails (1.2.6-1) unstable; urgency=high
* New upstream release
+ Fixes a previous session-fixation attack vector that was not
completely fixed (see 1.2.5-1 changelog) [CVE-2007-6077] (closes:
#452748)
* Use bash systax in bash script instead of ruby syntax. Fixes the
-I/--internal parameter so one can pass switches directly to the
upstream rails ruby script (closes: #381295, #390886)
-- Ubuntu Archive Auto-Sync <email address hidden> Fri, 30 Nov 2007 13:12:19 +0000
rails (1.2.5-1) unstable; urgency=high
* This is a new upstream release that addresses problems not
corrected in 1.2.4 or regressions.
+ to_json XSS [CVE-2007-3227] is really closed now
+ Potential Information Disclosure or DoS with Hash#from_xml
[CVE-2007-5379]
+ Session Fixation attacks. [CVE-2007-5380] URL based sessions are
now disabled by default. Session ids are only accepted from
cookies by default now.
[Micah Anderson]
* Urgency set to high due to security issues addressed
-- William Grant <email address hidden> Mon, 19 Nov 2007 10:11:03 +0000
rails (1.2.4-1ubuntu1) gutsy; urgency=low
* debian/control:
+ Remove libmocha-ruby1.8 from Depends for rails.
It's not included in gutsy and only used for unit tests.
+ Modify Maintainer value to match DebianMaintainerField spec.
* UVF exception: LP: #151078
rails (1.2.3-2) unstable; urgency=low
* Add mojo for doc-base document registration thanks to the patch by
Remi Vanicat. (closes: 386689)
* Upload to Sid now that Etch is out
rails (1.2.1-0ubuntu1) feisty; urgency=low * New upstream release. * Fix debian/rules to deal with the new 1.2 layout. * Fix the 10_localhost patch to apply. * Add Build-Depends on rubygems.
rails (1.1.2-1ubuntu0.1) dapper-security; urgency=low
* Add debian/patches/09_routing_security, which fixes a serious data
loss problem. (CVE-2006-4111, CVE-2006-4112)
* Apply match inline since it is not done automatically at build time.
-- Steve Kowalik <email address hidden> Wed, 16 Aug 2006 14:37:17 +0000
rails (1.1.6-1) unstable; urgency=emergency
* New upstream 'security hole fix' release
+ This one fixes the fix in 1.1.5 as that one was still
vulnerable. (closes: #382255)
rails (1.1.4-1) unstable; urgency=low
* New upstream release
* Moved build-depends-indep to build-depends to prevent build
failures.
-- Ubuntu Archive Auto-Sync <email address hidden> Wed, 12 Jul 2006 14:44:27 +0100
rails (1.1.2-1) unstable; urgency=low
* New upstream release
* Added support to specify database name (using -D) and to specify
options that will be passed to rails script directly (-I). Added
these to manpage as well. (closes: #361990)
* Depend and build-depend on rake >7.0 (closes: #362890)
* Updated standards to version 3.7.2. No changes.
rails (1.0.0-1) unstable; urgency=low
* New upstream release
+ Now handles multiple databases (closes: #341496)
* Modified Suggests: to include mod_fcgid (closes: #339953)
-- Adam Majer <email address hidden> Thu, 15 Dec 2005 12:40:38 -0600
rails (0.13.1-1) unstable; urgency=low * New upstream release -- Adam Majer <email address hidden> Mon, 11 Jul 2005 10:22:39 -0500
| Obsolete in hoary-backports |
rails (0.13.1-1~hoary1) hoary-backports; urgency=low * Automated backport upload; no source changes. -- Ubuntu Archive Auto-Backport <email address hidden> Wed, 3 Aug 2005 17:16:56 +0100
rails (0.11.1-2) unstable; urgency=low * Fixed the Inflector patch -- Adam Majer <email address hidden> Wed, 30 Mar 2005 17:29:29 -0600
| 76 → 116 of 116 results | First • Previous • Next • Last |
