author: MrBrdo <mrbrdo@gmail.com> 2012-06-08 00:08:51 +0200
committer: Jan Berdajs <mrbrdo@gmail.com> 2012-06-14 18:10:49 +0200
commit: bc7c0b5c108ef47b24bb91c502429935bb34d214
tree: 8080f11a0fa497eec595df065894f36b2db1a8af /activemodel/CHANGELOG.md
parent: f278b067891b3a3e3462e92ada72e8dc5f24797b
prevent users from unknowingly using bad regexps that can compromise security (http://homakov.blogspot.co.uk/2012/05/saferweb-injects-in-various-ruby.html)
Diffstat (limited to 'activemodel/CHANGELOG.md')
-rw-r--r-- activemodel/CHANGELOG.md 5
1 files changed, 5 insertions, 0 deletions
diff --git a/activemodel/CHANGELOG.md b/activemodel/CHANGELOG.md
index 5ee439fa3f..847ae7f237 100644
--- a/activemodel/CHANGELOG.md
+++ b/activemodel/CHANGELOG.md
@@ -37,6 +37,11 @@
* Trim down Active Model API by removing `valid?` and `errors.full_messages` *José Valim*
+* When `^` or `$` are used in the regular expression provided to `validates_format_of` and the :multiline option is not set to true, an exception will be raised. This is to prevent security vulnerabilities when using `validates_format_of`. The problem is described in detail in the Rails security guide.
+
+## Rails 3.2.6 (Jun 12, 2012) ##
+
+* No changes.
## Rails 3.2.5 (Jun 1, 2012) ##
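Review bot: The new `validates_format_of` entry says an exception is raised when `^` or `$` appear without `:multiline`, but it never tells the reader what to write instead. Add that `\A` and `\z` anchor to the start and end of the whole string, so someone who hits the exception after upgrading finds the fix in the changelog itself. The entry also lacks the trailing author credit that the entry directly above it carries (`*José Valim*`), and `:multiline` should be in backticks like `validates_format_of`. Naming the exception class that is raised, and the section of the security guide being referred to, would make the entry easier to act on.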