Merge branch '3-2-sec' into 3-2-stable

18 files changed, 58 insertions, 12 deletions

diff --git a/RAILS_VERSION b/RAILS_VERSION
index f05489d385..100838dc41 100644
--- a/RAILS_VERSION
+++ b/RAILS_VERSION
@@ -1 +1 @@
-3.2.18
+3.2.19
diff --git a/actionmailer/CHANGELOG.md b/actionmailer/CHANGELOG.md
index 94d3f54bea..d7ed55ef4c 100644
--- a/actionmailer/CHANGELOG.md
+++ b/actionmailer/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 3.2.19 (Jul 2, 2014) ##
+
+* No changes.
+
+
 ## Rails 3.2.18 (May 6, 2014) ##
 
 * No changes.
diff --git a/actionmailer/lib/action_mailer/version.rb b/actionmailer/lib/action_mailer/version.rb
index 8212a9b108..f769dcacfd 100644
--- a/actionmailer/lib/action_mailer/version.rb
+++ b/actionmailer/lib/action_mailer/version.rb
@@ -2,7 +2,7 @@ module ActionMailer
   module VERSION #:nodoc:
     MAJOR = 3
     MINOR = 2
-    TINY  = 18
+    TINY  = 19
     PRE   = nil
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md
index 643e926312..15fc0af20e 100644
--- a/actionpack/CHANGELOG.md
+++ b/actionpack/CHANGELOG.md
@@ -1,3 +1,5 @@
+## Rails 3.2.19 (Jul 2, 2014) ##
+
 *   Fix regression when using `ActionView::Helpers::TranslationHelper#translate` with
     `options[:raise]`.
 
diff --git a/actionpack/lib/action_pack/version.rb b/actionpack/lib/action_pack/version.rb
index ac6d3343b9..3dc00b99fe 100644
--- a/actionpack/lib/action_pack/version.rb
+++ b/actionpack/lib/action_pack/version.rb
@@ -2,7 +2,7 @@ module ActionPack
   module VERSION #:nodoc:
     MAJOR = 3
     MINOR = 2
-    TINY  = 18
+    TINY  = 19
     PRE   = nil
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
diff --git a/activemodel/CHANGELOG.md b/activemodel/CHANGELOG.md
index fb4bfda149..4f2e4e1959 100644
--- a/activemodel/CHANGELOG.md
+++ b/activemodel/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 3.2.19 (Jul 2, 2014) ##
+
+* No changes.
+
+
 ## Rails 3.2.18 (May 6, 2014) ##
 
 * No changes.
diff --git a/activemodel/lib/active_model/version.rb b/activemodel/lib/active_model/version.rb
index e675c7454c..3137205802 100644
--- a/activemodel/lib/active_model/version.rb
+++ b/activemodel/lib/active_model/version.rb
@@ -2,7 +2,7 @@ module ActiveModel
   module VERSION #:nodoc:
     MAJOR = 3
     MINOR = 2
-    TINY  = 18
+    TINY  = 19
     PRE   = nil
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
diff --git a/activerecord/CHANGELOG.md b/activerecord/CHANGELOG.md
index 6ac368f379..0334f4454e 100644
--- a/activerecord/CHANGELOG.md
+++ b/activerecord/CHANGELOG.md
@@ -1,3 +1,12 @@
+## Rails 3.2.19 (Jul 2, 2014) ##
+
+*   Fix SQL Injection Vulnerability in 'bitstring' quoting.
+
+    Fixes CVE-2014-3482.
+
+    *Rafael Mendonça França*
+
+
 ## Rails 3.2.18 (May 6, 2014) ##
 
 * No changes.
diff --git a/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb b/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb
index e98337e7d5..3cd65d0bf5 100644
--- a/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb
+++ b/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb
@@ -442,8 +442,8 @@ module ActiveRecord
           when 'xml'   then "xml '#{quote_string(value)}'"
           when /^bit/
             case value
-            when /^[01]*$/      then "B'#{value}'" # Bit-string notation
-            when /^[0-9A-F]*$/i then "X'#{value}'" # Hexadecimal notation
+            when /\A[01]*\Z/      then "B'#{value}'" # Bit-string notation
+            when /\A[0-9A-F]*\Z/i then "X'#{value}'" # Hexadecimal notation
             end
           else
             super
@@ -1160,7 +1160,7 @@ module ActiveRecord
         FEATURE_NOT_SUPPORTED = "0A000" # :nodoc:
 
         def exec_no_cache(sql, binds)
-          @connection.async_exec(sql)
+          @connection.async_exec(sql, [])
         end
 
         def exec_cache(sql, binds)
diff --git a/activerecord/lib/active_record/version.rb b/activerecord/lib/active_record/version.rb
index 3dd782af9f..cc73a14f7c 100644
--- a/activerecord/lib/active_record/version.rb
+++ b/activerecord/lib/active_record/version.rb
@@ -2,7 +2,7 @@ module ActiveRecord
   module VERSION #:nodoc:
     MAJOR = 3
     MINOR = 2
-    TINY  = 18
+    TINY  = 19
     PRE   = nil
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
diff --git a/activerecord/test/cases/adapters/postgresql/quoting_test.rb b/activerecord/test/cases/adapters/postgresql/quoting_test.rb
index 172055f15c..cfdf16d48d 100644
--- a/activerecord/test/cases/adapters/postgresql/quoting_test.rb
+++ b/activerecord/test/cases/adapters/postgresql/quoting_test.rb
@@ -19,6 +19,11 @@ module ActiveRecord
           assert_equal 'f', @conn.type_cast(false, nil)
           assert_equal 'f', @conn.type_cast(false, c)
         end
+
+        def test_quote_bit_string
+          c = PostgreSQLColumn.new(nil, 1, 'bit')
+          assert_equal nil, @conn.quote("'); SELECT * FORM users; /*\n01\n*/--", c)
+        end
       end
     end
   end
diff --git a/activeresource/CHANGELOG.md b/activeresource/CHANGELOG.md
index 4a555cf6b8..64509399e8 100644
--- a/activeresource/CHANGELOG.md
+++ b/activeresource/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 3.2.19 (Jul 2, 2014) ##
+
+* No changes.
+
+
 ## Rails 3.2.18 (May 6, 2014) ##
 
 * No changes.
diff --git a/activeresource/lib/active_resource/version.rb b/activeresource/lib/active_resource/version.rb
index dee96b8fd8..5e8910f386 100644
--- a/activeresource/lib/active_resource/version.rb
+++ b/activeresource/lib/active_resource/version.rb
@@ -2,7 +2,7 @@ module ActiveResource
   module VERSION #:nodoc:
     MAJOR = 3
     MINOR = 2
-    TINY  = 18
+    TINY  = 19
     PRE   = nil
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
diff --git a/activesupport/CHANGELOG.md b/activesupport/CHANGELOG.md
index e22aded195..6123be4ab4 100644
--- a/activesupport/CHANGELOG.md
+++ b/activesupport/CHANGELOG.md
@@ -1,3 +1,13 @@
+## Rails 3.2.19 (Jul 2, 2014) ##
+
+*   Make sure Active Support configurations are applied correctly.
+
+    Before this change configuration set using `config.active_support`
+    would not be set.
+
+    *Rafael Mendonça França*
+
+
 ## Rails 3.2.18 (May 6, 2014) ##
 
 * No changes.
diff --git a/activesupport/lib/active_support/version.rb b/activesupport/lib/active_support/version.rb
index 10c9fca86c..6fdf950bc0 100644
--- a/activesupport/lib/active_support/version.rb
+++ b/activesupport/lib/active_support/version.rb
@@ -2,7 +2,7 @@ module ActiveSupport
   module VERSION #:nodoc:
     MAJOR = 3
     MINOR = 2
-    TINY  = 18
+    TINY  = 19
     PRE   = nil
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
diff --git a/railties/CHANGELOG.md b/railties/CHANGELOG.md
index ce832d12ee..0ff661cc9f 100644
--- a/railties/CHANGELOG.md
+++ b/railties/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 3.2.19 (Jul 2, 2014) ##
+
+* No changes.
+
+
 ## Rails 3.2.18 (May 6, 2014) ##
 
 * No changes.
diff --git a/railties/lib/rails/version.rb b/railties/lib/rails/version.rb
index ec2f5467f0..ef640c9dab 100644
--- a/railties/lib/rails/version.rb
+++ b/railties/lib/rails/version.rb
@@ -2,7 +2,7 @@ module Rails
   module VERSION #:nodoc:
     MAJOR = 3
     MINOR = 2
-    TINY  = 18
+    TINY  = 19
     PRE   = nil
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
diff --git a/version.rb b/version.rb
index ec2f5467f0..ef640c9dab 100644
--- a/version.rb
+++ b/version.rb
@@ -2,7 +2,7 @@ module Rails
   module VERSION #:nodoc:
     MAJOR = 3
     MINOR = 2
-    TINY  = 18
+    TINY  = 19
     PRE   = nil
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')