diff options
author | Rafael Mendonça França <rafaelmfranca@gmail.com> | 2014-02-18 15:08:16 -0300 |
---|---|---|
committer | Rafael Mendonça França <rafaelmfranca@gmail.com> | 2014-02-18 15:16:57 -0300 |
commit | 666e9f65bdfeb6cc5aa80b6254608adc3d7845ce (patch) | |
tree | 5ac7aa64b04b1805dc839a257fe2865be7bdddee /actionpack/CHANGELOG.md | |
parent | 388d2f88886e4da8cc9fd9e14c80a4021ef47da1 (diff) | |
download | rails-666e9f65bdfeb6cc5aa80b6254608adc3d7845ce.tar.gz rails-666e9f65bdfeb6cc5aa80b6254608adc3d7845ce.tar.bz2 rails-666e9f65bdfeb6cc5aa80b6254608adc3d7845ce.zip |
Preparing for 3.2.17 release
Diffstat (limited to 'actionpack/CHANGELOG.md')
-rw-r--r-- | actionpack/CHANGELOG.md | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index ff72af724b..6269123de3 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -1,3 +1,13 @@ +* Use the reference for the mime type to get the format + + Fixes: CVE-2014-0082 + +* Escape format, negative_format and units options of number helpers + + Fixes: CVE-2014-0081 + +## Rails 3.2.16 (Dec 12, 2013) ## + * Deep Munge the parameters for GET and POST Fixes CVE-2013-6417 * Stop using i18n's built in HTML error handling. Fixes: CVE-2013-4491 |