updating the changelog

author: Aaron Patterson <aaron.patterson@gmail.com> 2013-12-02 16:17:19 -0800
committer: Aaron Patterson <aaron.patterson@gmail.com> 2013-12-02 16:17:19 -0800
commit: 64226302d82493d9bf67aa9e4fa52b4e0269ee3d (patch)
tree: 11f50b067e052b8caef58122df76634ad5c1b316 /actionpack/CHANGELOG.md
parent: d5a4095ca5725d5eebcce153d7d0738375146cef (diff)
download: rails-64226302d82493d9bf67aa9e4fa52b4e0269ee3d.tar.gz
rails-64226302d82493d9bf67aa9e4fa52b4e0269ee3d.tar.bz2
rails-64226302d82493d9bf67aa9e4fa52b4e0269ee3d.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md
index ca2a14535c..ff72af724b 100644
--- a/actionpack/CHANGELOG.md
+++ b/actionpack/CHANGELOG.md
@@ -1,3 +1,11 @@
+*   Deep Munge the parameters for GET and POST Fixes CVE-2013-6417
+
+*   Stop using i18n's built in HTML error handling.  Fixes: CVE-2013-4491
+
+*   Escape the unit value provided to number_to_currency Fixes CVE-2013-6415
+
+*   Only use valid mime type symbols as cache keys CVE-2013-6414
+
 ## Rails 3.2.15 (Oct 16, 2013) ##
 
 *   Fix `ActionDispatch::RemoteIp::GetIp#calculate_ip` to only check for spoofing
author	Aaron Patterson <aaron.patterson@gmail.com>	2013-12-02 16:17:19 -0800
committer	Aaron Patterson <aaron.patterson@gmail.com>	2013-12-02 16:17:19 -0800
commit	64226302d82493d9bf67aa9e4fa52b4e0269ee3d (patch)
tree	11f50b067e052b8caef58122df76634ad5c1b316 /actionpack/CHANGELOG.md
parent	d5a4095ca5725d5eebcce153d7d0738375146cef (diff)
download	rails-64226302d82493d9bf67aa9e4fa52b4e0269ee3d.tar.gz rails-64226302d82493d9bf67aa9e4fa52b4e0269ee3d.tar.bz2 rails-64226302d82493d9bf67aa9e4fa52b4e0269ee3d.zip