author | Vijay Dev <vijaydev.cse@gmail.com> | 2011-12-18 19:36:32 +0530 |
---|---|---|
committer | Vijay Dev <vijaydev.cse@gmail.com> | 2011-12-18 19:36:32 +0530 |
commit | aa0286ecbc7ddbb386590274c8756e5364415b9e (patch) | |
tree | bd9d59c4555b2e9e37d75aad19b42615563c4d2e /actionpack | |
parent | 2bc8e5713764b2276036fecfd7f297132597fddb (diff) | |
Revert "Update master changelogs with rails 3.0-stable branch info"
This reverts commit 2bc8e5713764b2276036fecfd7f297132597fddb.
Reason: Changelogs are not meant to be changed in docrails.
Diffstat (limited to 'actionpack')
-rw-r--r-- | actionpack/CHANGELOG.md | 92 |
1 files changed, 1 insertions, 91 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index 008071b701..b753addef4 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md 
@@ -424,102 +424,12 @@ * Add Rack::Cache to the default stack. Create a Rails store that delegates to the Rails cache, so by default, whatever caching layer you are using will be used for HTTP caching. Note that Rack::Cache will be used if you use #expires_in, #fresh_when or #stale with :public => true. Otherwise, the caching rules will apply to the browser only. *Yehuda Katz, Carl Lerche* -## Rails 3.0.12 (unreleased) ## - -* Fix using `tranlate` helper with a html translation which uses the `:count` option for - pluralization. - - *Jon Leighton* - - -## Rails 3.0.11 (November 18, 2011) ## - -* Fix XSS security vulnerability in the `translate` helper method. When using interpolation - in combination with HTML-safe translations, the interpolated input would not get HTML - escaped. *GH 3664* - - Before: - - translate('foo_html', :something => '<script>') # => "...<script>..." - - After: - - translate('foo_html', :something => '<script>') # => "...<script>..." - - *Sergey Nartimov* - -* Implement a workaround for a bug in ruby-1.9.3p0 where an error would be - raised while attempting to convert a template from one encoding to another. - - Please see http://redmine.ruby-lang.org/issues/5564 for details of the bug. - - The workaround is to load all conversions into memory ahead of time, and will - only happen if the ruby version is exactly 1.9.3p0. The hope is obviously - that the underlying problem will be resolved in the next patchlevel release - of 1.9.3. - -* Fix assert_select_email to work on multipart and non-multipart emails as the method stopped working correctly in Rails 3.x due to changes in the new mail gem. - -* Fix url_for when passed a hash to prevent additional options (eg. :host, :protocol) from being added to the hash after calling it. 
- - -## Rails 3.0.10 (August 16, 2011) ## - -* Fixes an issue where cache sweepers with only after filters would have no - controller object, it would raise undefined method controller_name for nil [jeroenj] - -* Ensure status codes are logged when exceptions are raised. - -* Subclasses of OutputBuffer are respected. - -* Fixed ActionView::FormOptionsHelper#select with :multiple => false - -* Avoid extra call to Cache#read in case of a fragment cache hit - - -## Rails 3.0.9 (June 16, 2011) ## - -* json_escape will now return a SafeBuffer string if it receives SafeBuffer string [tenderlove] - -* Make sure escape_js returns SafeBuffer string if it receives SafeBuffer string [Prem Sichanugrist] - -* Fix text helpers to work correctly with the new SafeBuffer restriction [Paul Gallagher, Arun Agrawal, Prem Sichanugrist] - - -## Rails 3.0.8 (June 7, 2011) ## - -* It is prohibited to perform a in-place SafeBuffer mutation [tenderlove] - - The old behavior of SafeBuffer allowed you to mutate string in place via - method like `sub!`. These methods can add unsafe strings to a safe buffer, - and the safe buffer will continue to be marked as safe. - - An example problem would be something like this: - - <%= link_to('hello world', @user).sub!(/hello/, params[:xss]) %> - - In the above example, an untrusted string (`params[:xss]`) is added to the - safe buffer returned by `link_to`, and the untrusted content is successfully - sent to the client without being escaped. To prevent this from happening - `sub!` and other similar methods will now raise an exception when they are called on a safe buffer. - - In addition to the in-place versions, some of the versions of these methods which return a copy of the string will incorrectly mark strings as safe. For example: - - <%= link_to('hello world', @user).sub(/hello/, params[:xss]) %> - - The new versions will now ensure that *all* strings returned by these methods on safe buffers are marked unsafe. 
- - You can read more about this change in http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2e516e7acc96c4fb - -* Fixed github issue #342 with asset paths and relative roots. - - ## Rails 3.0.7 (April 18, 2011) ## * No changes. -## Rails 3.0.6 (April 5, 2011) ## +* Rails 3.0.6 (April 5, 2011) * Fixed XSS vulnerability in `auto_link`. `auto_link` no longer marks input as html safe. Please make sure that calls to auto_link() are wrapped in a |
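Review bot: The last changed line of the hunk replaces `## Rails 3.0.6 (April 5, 2011) ##` with `* Rails 3.0.6 (April 5, 2011) *`, which turns that version heading into a list item while `## Rails 3.0.7 (April 18, 2011) ##` just above keeps the heading form, so the 3.0.6 entries (including the `auto_link` XSS fix) would render as part of the 3.0.7 section. If the intent is only to drop the 3.0.8 to 3.0.12 sections, keep the `##` form on that line. The removed sections also carry the security notes for the `translate` interpolation XSS (3.0.11) and the SafeBuffer in-place mutation change (3.0.8). Since the commit message gives the reason as changelogs not being changed in docrails, it would help to say where those entries are expected to land on master so the security notes are not lost.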