diff options
author | Aaron Patterson <aaron.patterson@gmail.com> | 2013-12-02 16:17:19 -0800 |
---|---|---|
committer | Aaron Patterson <aaron.patterson@gmail.com> | 2013-12-02 16:17:19 -0800 |
commit | 64226302d82493d9bf67aa9e4fa52b4e0269ee3d (patch) | |
tree | 11f50b067e052b8caef58122df76634ad5c1b316 /actionpack/CHANGELOG.md | |
parent | d5a4095ca5725d5eebcce153d7d0738375146cef (diff) | |
download | rails-64226302d82493d9bf67aa9e4fa52b4e0269ee3d.tar.gz rails-64226302d82493d9bf67aa9e4fa52b4e0269ee3d.tar.bz2 rails-64226302d82493d9bf67aa9e4fa52b4e0269ee3d.zip |
updating the changelog
Diffstat (limited to 'actionpack/CHANGELOG.md')
-rw-r--r-- | actionpack/CHANGELOG.md | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index ca2a14535c..ff72af724b 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -1,3 +1,11 @@ +* Deep Munge the parameters for GET and POST Fixes CVE-2013-6417 + +* Stop using i18n's built in HTML error handling. Fixes: CVE-2013-4491 + +* Escape the unit value provided to number_to_currency Fixes CVE-2013-6415 + +* Only use valid mime type symbols as cache keys CVE-2013-6414 + ## Rails 3.2.15 (Oct 16, 2013) ## * Fix `ActionDispatch::RemoteIp::GetIp#calculate_ip` to only check for spoofing |