diff options
| author | Rafael Mendonça França <rafaelmfranca@gmail.com> | 2014-02-18 15:08:16 -0300 |
|---|---|---|
| committer | Rafael Mendonça França <rafaelmfranca@gmail.com> | 2014-02-18 15:16:57 -0300 |
| commit | 666e9f65bdfeb6cc5aa80b6254608adc3d7845ce (patch) | |
| tree | 5ac7aa64b04b1805dc839a257fe2865be7bdddee /actionpack | |
| parent | 388d2f88886e4da8cc9fd9e14c80a4021ef47da1 (diff) | |
| download | rails-666e9f65bdfeb6cc5aa80b6254608adc3d7845ce.tar.gz rails-666e9f65bdfeb6cc5aa80b6254608adc3d7845ce.tar.bz2 rails-666e9f65bdfeb6cc5aa80b6254608adc3d7845ce.zip | |
Preparing for 3.2.17 release
Diffstat (limited to 'actionpack')
| -rw-r--r-- | actionpack/CHANGELOG.md | 10 | ||||
| -rw-r--r-- | actionpack/lib/action_pack/version.rb | 2 |
2 files changed, 11 insertions, 1 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index ff72af724b..6269123de3 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -1,3 +1,13 @@ +* Use the reference for the mime type to get the format + + Fixes: CVE-2014-0082 + +* Escape format, negative_format and units options of number helpers + + Fixes: CVE-2014-0081 + +## Rails 3.2.16 (Dec 12, 2013) ## + * Deep Munge the parameters for GET and POST Fixes CVE-2013-6417 * Stop using i18n's built in HTML error handling. Fixes: CVE-2013-4491 diff --git a/actionpack/lib/action_pack/version.rb b/actionpack/lib/action_pack/version.rb index 33d221e091..4d278814c8 100644 --- a/actionpack/lib/action_pack/version.rb +++ b/actionpack/lib/action_pack/version.rb @@ -2,7 +2,7 @@ module ActionPack module VERSION #:nodoc: MAJOR = 3 MINOR = 2 - TINY = 16 + TINY = 17 PRE = nil STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.') |