Change log for rails package in Ubuntu
rails (2:4.1.6-2) unstable; urgency=medium
  * fix upgrades from wheezy:
    - Remove Breaks: against old packages provided by previous versions of Rails. The Replaces: fields, left untouched, ought to be enough.
    - ruby-actionview: Replaces ruby-actionpack-{2.3,3.2} since ruby-actionview contains files that used to be in ruby-actionpack-*
    - ruby-railties: Breaks/Replaces rails (<< 2:4) since ruby-railties contains /usr/bin/rails which used to be in rails.
  * debian/copyright: minor updates
 -- Antonio Terceiro <email address hidden> Tue, 30 Sep 2014 18:33:36 -0300
Available diffs
- diff from 2:4.1.4-5 to 2:4.1.6-2 (46.6 KiB)
rails (2:4.1.4-5) unstable; urgency=medium * ruby-actionmailer: relax dependency on ruby-mail to work with the 2.6.x series -- Antonio Terceiro <email address hidden> Mon, 04 Aug 2014 14:38:18 -0300
Available diffs
- diff from 2:4.1.4-4 to 2:4.1.4-5 (679 bytes)
rails (2:4.1.4-4) unstable; urgency=medium
  * ruby-rails:
    - add Recommends:
      - ruby-jquery-rails
      - ruby-coffee-rails
      - ruby-sqlite3
      - ruby-sass-rails
      - ruby-uglifier
      - ruby-spring
      - ruby-turbolinks
      - ruby-jbuilder
      - ruby-sdoc
    - add Breaks/Replaces: rails3
    - bump Depends: ruby-sprockets-rails to (>= 2.1.3-1~)
    - add Depends: ruby-treetop
    - move ruby-activesuppport-3.2 from Breaks: to Conflicts:
    - remove Breaks: rails (<< 2:4.1) since we now also provide a `rails` binary
  * ruby-railties:
    - remove Breaks: rails (<< 3:3.2.0)
  * ruby-actionmailer:
    - drop Depends: ruby-mail (<< 2.6) cfe https://github.com/rails/rails/commit/bb0890d
  * debian/tests/control: fix test dependencies to rails and *not* rails-3.2; add needs-recommends instead of explicitly listing the recommended packages
  * debian/patches/mona_lisa.jpg_is_PD-Art_and_has_been_removed.patch: removed as it does not make sense anymore (mona_lisa.jpg is just there).
 -- Antonio Terceiro <email address hidden> Sun, 03 Aug 2014 00:24:26 -0300
Available diffs
- diff from 2:4.1.4-3 to 2:4.1.4-4 (3.8 KiB)
rails (2:4.1.4-3) unstable; urgency=medium * Re-add `rails` binary package * Improve description for ruby-railties -- Antonio Terceiro <email address hidden> Sat, 26 Jul 2014 10:12:46 -0300
Available diffs
- diff from 2:4.1.4-2 to 2:4.1.4-3 (1.1 KiB)
rails (2:4.1.4-2) unstable; urgency=medium
  [ Antonio Terceiro ]
  * Don't install nonsensical binary from activesupport
  [ Ondřej Surý ]
  * Merge autopkgtests from rails-3.2
  * Add missing sources for shCore.js and jquery.min.js
  * Upload to unstable since no objections were raised to the RoR Debian transition plan
  * Remove repack script since there's nothing non-free in the upstream tarball (Closes: #742407)
  * Keep the guides/ (CC-BY-SA-3.0) and mona_lisa.jpg (PD), but document that in d/copyright
 -- Ondřej Surý <email address hidden> Wed, 16 Jul 2014 17:19:07 +0200
Superseded in vivid-release
Obsolete in utopic-release
Published in trusty-release
Obsolete in saucy-release
Deleted in saucy-proposed (Reason: moved to release)
rails (2:3.2.13+1) unstable; urgency=low
  [ Cédric Boutillier ]
  * debian/control: remove obsolete DM-Upload-Allowed flag
  * Use canonical URI in Vcs-* fields
  [ Ondřej Surý ]
  * Upload Rails 3.2 as default version to unstable.
  * Add ruby-activemodel and ruby-railties dummy packages
 -- Ondřej Surý <email address hidden> Mon, 27 May 2013 14:37:22 +0200
Available diffs
- diff from 2:2.3.14.2 to 2:3.2.13+1 (4.3 KiB)
rails (2:2.3.14.2) unstable; urgency=low
  * Introduce epoch to fix mistake when ruby-activerecord-3.2 provided ruby-activerecord with a higher version number (3.2...). The rightful ruby-activerecord is the one provided by this package (Closes: #674810).
  * debian/control:
    + Add myself to Uploaders:
    + Put transitional package with Priority: extra
    + Bump standards version to 3.9.3; no further changes needed
 -- Antonio Terceiro <email address hidden> Thu, 14 Jun 2012 17:49:36 -0300
rails (2.3.5-1.2ubuntu1.1) natty-security; urgency=low
  * SECURITY UPDATE: multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper
    - Add 0001-Be-sure-to-javascript_escape-the-email-address-to-pr.patch from Debian and fix Debian bug #629067 by replacing .html_safe with html_escape()
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/f02a48ede8315f81
    - CVE-2011-0446
    - LP: #870846
  * SECURITY UPDATE: rails does not properly validate HTTP requests that contain an X-Requested-With header
    - Add 0002-Change-the-CSRF-whitelisting-to-only-apply-to-get-re.patch from Debian
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/2d95a3cc23e03665
    - CVE-2011-0447
  * SECURITY UPDATE: multiple SQL injection vulnerabilities in the quote_table_name method in the ActiveRecord adapters
    - Add CVE-2011-2930.patch from Debian
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/6a1e473744bc389b
    - CVE-2011-2930
  * SECURITY UPDATE: cross-site scripting (XSS) vulnerability in the strip_tags helper
    - Add CVE-2011-2931.patch from Debian
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b9130749b74ea12
    - CVE-2011-2931
  * SECURITY UPDATE: cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string
    - Add CVE-2011-2932.patch, backported from upstream
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/56bffb5923ab1195
    - CVE-2011-2932
  * SECURITY UPDATE: response splitting vulnerability
    - Add CVE-2011-3186.patch from Debian
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/6ffc93bde0298768
    - CVE-2011-3186
 -- Felix Geyer <email address hidden> Wed, 12 Oct 2011 20:05:02 +0200
rails (2.3.5-1.1ubuntu0.1) maverick-security; urgency=low
  * SECURITY UPDATE: multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper
    - Add 0001-Be-sure-to-javascript_escape-the-email-address-to-pr.patch from Debian and fix Debian bug #629067 by replacing .html_safe with html_escape()
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/f02a48ede8315f81
    - CVE-2011-0446
    - LP: #870846
  * SECURITY UPDATE: rails does not properly validate HTTP requests that contain an X-Requested-With header
    - Add 0002-Change-the-CSRF-whitelisting-to-only-apply-to-get-re.patch from Debian
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/2d95a3cc23e03665
    - CVE-2011-0447
  * SECURITY UPDATE: multiple SQL injection vulnerabilities in the quote_table_name method in the ActiveRecord adapters
    - Add CVE-2011-2930.patch from Debian
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/6a1e473744bc389b
    - CVE-2011-2930
  * SECURITY UPDATE: cross-site scripting (XSS) vulnerability in the strip_tags helper
    - Add CVE-2011-2931.patch from Debian
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b9130749b74ea12
    - CVE-2011-2931
  * SECURITY UPDATE: cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string
    - Add CVE-2011-2932.patch, backported from upstream
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/56bffb5923ab1195
    - CVE-2011-2932
  * SECURITY UPDATE: response splitting vulnerability
    - Add CVE-2011-3186.patch from Debian
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/6ffc93bde0298768
    - CVE-2011-3186
 -- Felix Geyer <email address hidden> Wed, 12 Oct 2011 18:48:13 +0200
rails (2.2.3-2ubuntu0.1) lucid-security; urgency=low
  * SECURITY UPDATE: multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper
    - backported fix from upstream:
      actionpack/test/template/url_helper_test.rb
      actionpack/lib/action_view/helpers/url_helper.rb
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/f02a48ede8315f81
    - CVE-2011-0446
    - LP: #870846
  * SECURITY UPDATE: rails does not properly validate HTTP requests that contain an X-Requested-With header
    - patch from upstream:
      actionpack/test/controller/request_forgery_protection_test.rb
      actionpack/lib/action_view/helpers.rb
      actionpack/lib/action_view/helpers/csrf_helper.rb
      actionpack/lib/action_controller/request_forgery_protection.rb
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/2d95a3cc23e03665
    - CVE-2011-0447
  * SECURITY UPDATE: multiple SQL injection vulnerabilities in the quote_table_name method in the ActiveRecord adapters
    - patch from upstream:
      activerecord/test/cases/base_test.rb
      activerecord/lib/active_record/connection_adapters/mysql_adapter.rb
      activerecord/lib/active_record/connection_adapters/sqlite_adapter.rb
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/6a1e473744bc389b
    - CVE-2011-2930
  * SECURITY UPDATE: cross-site scripting (XSS) vulnerability in the strip_tags helper
    - patch from upstream:
      actionpack/test/controller/html-scanner/sanitizer_test.rb
      actionpack/lib/action_controller/vendor/html-scanner/html/node.rb
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b9130749b74ea12
    - CVE-2011-2931
  * SECURITY UPDATE: cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string
    - backported fix from upstream:
      actionpack/lib/action_view/template_handlers/erb.rb
      actionpack/test/template/erb_util_test.rb
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/56bffb5923ab1195
    - CVE-2011-2932
  * SECURITY UPDATE: response splitting vulnerability
    - patch from upstream:
      actionpack/test/controller/content_type_test.rb
      actionpack/lib/action_controller/response.rb
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/6ffc93bde0298768
    - CVE-2011-3186
 -- Felix Geyer <email address hidden> Sat, 08 Oct 2011 17:26:54 +0200
rails (2.3.14.1) unstable; urgency=low * Add transitional packages from old rails package to the new packaging system
Available diffs
- diff from 2.3.11-0.1 to 2.3.14.1 (2.1 MiB)
Superseded in oneiric-release
rails (2.3.11-0.1) unstable; urgency=medium
  * Non-maintainer upload.
  * Imported Upstream version 2.3.11 (Closes: #616456)
    + Works with rubygems 1.6.x (Closes: #622829, #618221)
    + Fix XSS Risk in mail_to :encode=>:javascript [CVE-2011-0446]
    + Fix CSRF Bypass Risk: [CVE-2011-0447] (Closes: #614864)
    + I18N interpolation deprecation was removed in v2.3.6 (Closes: #546037)
  * Update dependencies on tmail (>= 1.2.7) and i18n (>= 0.4.1)
  * Adapt patches to the new release
  * Add Breaks: redmine (<< 1.1.3-1)
  * Add rubygems{1.8,1.9.1} dependency to all packages (Closes: #587767)
 -- Felix Geyer <email address hidden> Thu, 11 Aug 2011 00:26:34 +0000
Available diffs
- diff from 2.3.5-1.2ubuntu1 to 2.3.11-0.1 (448.3 KiB)
rails (2.3.5-1.2ubuntu1) natty; urgency=low * debian/patches/cdata-and-white-space-handling.patch: Handle CDATA and improve white space handling, fixing a Segmentation Fault in some circumstances. Patch based on subset of upstream commit range. (LP: #670571) -- Dave Walker (Daviey) <email address hidden> Wed, 16 Mar 2011 01:03:12 +0000
Available diffs
- diff from 2.3.5-1.2 to 2.3.5-1.2ubuntu1 (1.7 KiB)
rails (2.3.5-1.2) unstable; urgency=high * Non-maintainer upload. [ Laurent Bigonville ] * Fix documentation about default listening address (Closes: #583149) [ Gunnar Wolf ] * Modified a string that recommends the user to do Very Bad Things (Closes: #603048) -- Ubuntu Archive Auto-Sync <email address hidden> Thu, 30 Dec 2010 11:14:48 +0000
Available diffs
- diff from 2.3.5-1.1 to 2.3.5-1.2 (1.7 KiB)
rails (2.3.5-1.1) unstable; urgency=low * Non-maintainer upload. * Added missing build-dependencies for rails-ruby1.8 on libactionpack-ruby1.8, libactionmailer-ruby1.8 and libactiveresource-ruby1.8 (Closes: #587048) * Fixed broken symlink to railties on new project generator (Closes: #583219) -- Micah Gersten <email address hidden> Thu, 26 Aug 2010 12:36:28 -0500
Available diffs
- diff from 2.3.5-1 to 2.3.5-1.1 (1.6 KiB)
rails (2.3.5-1) unstable; urgency=low
  * New upstream release (closes: #547658)
  * Package is now split up and non-core rails components, like AR, are on the ruby load path. (closes: #469524, #517328)
  * debian/control
    + Depend on rubygems.
    + Suggest thin or thin1.8 as a possible server to run your production environment on. This is particularly useful if it is already being proxied.
    + xml-simple is no longer used by rails
    + Updated Standard to 3.8.4
 -- Ubuntu Archive Auto-Sync <email address hidden> Thu, 27 May 2010 09:26:01 +0100
Available diffs
- diff from 2.2.3-2 to 2.3.5-1 (1.4 MiB)
rails (2.2.3-2) unstable; urgency=high * Make sure strip_tags removes tags which start with a non-printable character. (closes: #558685) [CVE-2009-4214] * Merge in a few additional encoding changes. -- Ubuntu Archive Auto-Sync <email address hidden> Thu, 04 Feb 2010 17:27:11 +0000
Available diffs
- diff from 2.2.3-1 to 2.2.3-2 (1.8 KiB)
rails (2.2.3-1) unstable; urgency=high
  * New upstream release (closes: #545063)
    + Fixes XSS security hole [CVE-2009-3009]
    + Fixes timing issue with cookie store [CVE-2009-3086]
  * Remove dependency on ruby-dbi, as it is not required by any of the sources.
  * Correct dependency on fixed libxml-simple-ruby to 1.0.11-2 or later (closes: #538982)
  * debian/control
    + Change section from web to ruby
    + Updated to debhelper 7.0+
    + Standards updated to 3.8.3 - no changes
 -- Scott Kitterman <email address hidden> Fri, 11 Sep 2009 13:53:42 -0500
Available diffs
- diff from 2.2.2-1.1 to 2.2.3-1 (30.2 KiB)
rails (2.2.2-1.1) unstable; urgency=low * Non-maintainer upload. * Build-depends on rubygems. (Closes: #522009) -- fabrice_sp <email address hidden> Sat, 15 Aug 2009 15:20:16 +0100
Available diffs
- diff from 2.2.2-1 to 2.2.2-1.1 (567 bytes)
rails (2.2.2-1) unstable; urgency=low
  * New upstream release (closes: #510580, 510580)
    + fixes the problem with migration with symbolic field types (closes: #511860)
  * debian/control:
    + Depend on Rake 0.8.3 or later
    + Build-Depends-Indep on libmocha-ruby for unit tests
    + Move most of the build dependencies to Build-Depends-Indep
    + Remove the predepends as Lenny is released
  * Load XMLSimple without specifying a path (closes: #514582)
  * Add an explanation how to configure non-packaged rails adds to work with Debian version of rails. Also include a tiny script to help in this effort. Tomas Pospisek provided the patch. (closes: #499187)
 -- Ubuntu Archive Auto-Sync <email address hidden> Wed, 29 Apr 2009 12:10:14 +0100
Available diffs
- diff from 2.1.0-6 to 2.2.2-1 (1.3 MiB)
rails (2.1.0-6) unstable; urgency=high * Some browsers may submit 'text/plain' content type as part of POST request. ActionController passed these requests through, sidestepping the CSRF protection given by protect_from_forgery. Patch from upstream removes 'text/plain' encoding from the "ignore list". -- Ubuntu Archive Auto-Sync <email address hidden> Wed, 19 Nov 2008 13:53:37 +0000
Available diffs
- diff from 2.1.0-5 to 2.1.0-6 (694 bytes)
rails (2.1.0-5) unstable; urgency=high * Sanitize the URLs passed to redirect_to to prevent a potential response splitting attack. Patch from upstream. -- Ubuntu Archive Auto-Sync <email address hidden> Wed, 05 Nov 2008 17:55:42 +0000
Available diffs
- diff from 2.1.0-4 to 2.1.0-5 (782 bytes)
rails (2.1.0-4) unstable; urgency=low * Added a fix for binary data corruption with PostgreSQL backend. This occurred whenever the binary data included ASCII value of \ followed by three numbers. * The fix in ActiveRecord to address SQL injection in :limit and :offset was not complete. MySQL backend was still affected as it redefined the problematic functions. Pulled in upstream patch.
Available diffs
- diff from 2.1.0-2 to 2.1.0-4 (3.1 KiB)
rails (2.1.0-2) unstable; urgency=low * Remove dependency on rubygems for the build process. (closes: #490419) * Also use Debian supplied gems 'builder' and 'xml-simple' instead of using the upstream's supplied version, which is redundant. * Remove extraneous depends on rubygems. It is already depended on through libruby1.8-extras (closes: #491125) -- Scott Kitterman <email address hidden> Thu, 24 Jul 2008 08:55:14 +0100
Available diffs
- diff from 2.1.0-1ubuntu1 to 2.1.0-2 (1.8 KiB)
Superseded in intrepid-release
rails (2.1.0-1ubuntu1) intrepid; urgency=low [ Ryan Niebur ] * Non-maintainer upload. * NMU to fix RC bugs. * Build depend on rubygems (closes: #490419) * Depend on the rubygems package in sid or the one in lenny (closes: #491125) [ Scott Kitterman ] * Update to rails 2.1 and grab proposed NMU for Ubuntu so it builds (LP: #236966)
Available diffs
- diff from 2.0.2-2 to 2.1.0-1ubuntu1 (906.0 KiB)
rails (2.0.2-2) unstable; urgency=low * Added upstream patch from ticket #11127 to support the newer ruby-pg. (closes: #476449) * Added dependency on rubygems (closes: #468206) * Sqlite3 is now the default DB used, if another is not specified when the project is initially created. (closes: #468803)
rails (2.0.2-1ubuntu1) hardy; urgency=low * Post Feature Freeze upload (LP: #198160) * Change maintainer to MOTU * Add 20_fix_cp.dpatch to fix copy in doc package build and avoid FTBFS - Patch thanks to Michael Milligan
rails (1.2.4-1ubuntu1.1) gutsy-security; urgency=low * SECURITY UPDATE: Session fixation attack via broken :cookie_only attribute. (LP: #173203) * debian/patches/20_CVE-2007-6077: Fix broken session fixation catching. Patch from upstream bug. * References CVE-2007-6077 -- William Grant <email address hidden> Sat, 01 Dec 2007 20:09:54 +1100
rails (1.2.6-1) unstable; urgency=high * New upstream release + Fixes a previous session-fixation attack vector that was not completely fixed (see 1.2.5-1 changelog) [CVE-2007-6077] (closes: #452748) * Use bash syntax in bash script instead of ruby syntax. Fixes the -I/--internal parameter so one can pass switches directly to the upstream rails ruby script (closes: #381295, #390886) -- Ubuntu Archive Auto-Sync <email address hidden> Fri, 30 Nov 2007 13:12:19 +0000
rails (1.2.5-1) unstable; urgency=high * This is a new upstream release that addresses problems not corrected in 1.2.4 or regressions. + to_json XSS [CVE-2007-3227] is really closed now + Potential Information Disclosure or DoS with Hash#from_xml [CVE-2007-5379] + Session Fixation attacks. [CVE-2007-5380] URL based sessions are now disabled by default. Session ids are only accepted from cookies by default now. [Micah Anderson] * Urgency set to high due to security issues addressed -- William Grant <email address hidden> Mon, 19 Nov 2007 10:11:03 +0000
rails (1.2.4-1ubuntu1) gutsy; urgency=low * debian/control: + Remove libmocha-ruby1.8 from Depends for rails. It's not included in gutsy and only used for unit tests. + Modify Maintainer value to match DebianMaintainerField spec. * UVF exception: LP: #151078
rails (1.2.3-2) unstable; urgency=low * Add mojo for doc-base document registration thanks to the patch by Remi Vanicat. (closes: 386689) * Upload to Sid now that Etch is out
rails (1.2.1-0ubuntu1) feisty; urgency=low * New upstream release. * Fix debian/rules to deal with the new 1.2 layout. * Fix the 10_localhost patch to apply. * Add Build-Depends on rubygems.
rails (1.1.2-1ubuntu0.1) dapper-security; urgency=low * Add debian/patches/09_routing_security, which fixes a serious data loss problem. (CVE-2006-4111, CVE-2006-4112) * Apply match inline since it is not done automatically at build time. -- Steve Kowalik <email address hidden> Wed, 16 Aug 2006 14:37:17 +0000
rails (1.1.6-1) unstable; urgency=emergency * New upstream 'security hole fix' release + This one fixes the fix in 1.1.5 as that one was still vulnerable. (closes: #382255)
rails (1.1.4-1) unstable; urgency=low * New upstream release * Moved build-depends-indep to build-depends to prevent build failures. -- Ubuntu Archive Auto-Sync <email address hidden> Wed, 12 Jul 2006 14:44:27 +0100
rails (1.1.2-1) unstable; urgency=low * New upstream release * Added support to specify database name (using -D) and to specify options that will be passed to rails script directly (-I). Added these to manpage as well. (closes: #361990) * Depend and build-depend on rake >7.0 (closes: #362890) * Updated standards to version 3.7.2. No changes.
rails (1.0.0-1) unstable; urgency=low * New upstream release + Now handles multiple databases (closes: #341496) * Modified Suggests: to include mod_fcgid (closes: #339953) -- Adam Majer <email address hidden> Thu, 15 Dec 2005 12:40:38 -0600
rails (0.13.1-1) unstable; urgency=low * New upstream release -- Adam Majer <email address hidden> Mon, 11 Jul 2005 10:22:39 -0500
Obsolete in hoary-backports
rails (0.13.1-1~hoary1) hoary-backports; urgency=low * Automated backport upload; no source changes. -- Ubuntu Archive Auto-Backport <email address hidden> Wed, 3 Aug 2005 17:16:56 +0100
rails (0.11.1-2) unstable; urgency=low * Fixed the Inflector patch -- Adam Majer <email address hidden> Wed, 30 Mar 2005 17:29:29 -0600