-rw-r--r-- | actionpack/CHANGELOG.md | 3 |
-rw-r--r-- | activerecord/CHANGELOG.md | 3 |
2 files changed, 6 insertions, 0 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index 1ec3a954fb..6f737001de 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -21,6 +21,9 @@ * Fix the redirect when it receive blocks with arity of 1. Closes #5677 +* Strip [nil] from parameters hash. Thanks to Ben Murphy for + reporting this! CVE-2012-2660 + ## Rails 3.2.3 (March 30, 2012) ## * Allow to lazy load `default_form_builder` by passing a `String` instead of a constant. *Piotr Sarnacki* diff --git a/activerecord/CHANGELOG.md b/activerecord/CHANGELOG.md index 4c81698517..6767fb74f5 100644 --- a/activerecord/CHANGELOG.md +++ b/activerecord/CHANGELOG.md @@ -13,6 +13,9 @@ * Fix #5667. Preloading should ignore scoping. +* Predicate builder should not recurse for determining where columns. + Thanks to Ben Murphy for reporting this! CVE-2012-2661 + ## Rails 3.2.3 (March 30, 2012) ## * Added find_or_create_by_{attribute}! dynamic method. *Andrew White* |
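Review bot: In the actionpack/CHANGELOG.md hunk, the added entry "Strip [nil] from parameters hash" does not tell an application developer what changes for them. It omits what a `[nil]` value becomes after stripping, and whether nested hashes and arrays in the parameters are covered. The CVE id is also appended as a bare trailing token. I would add one sentence describing the resulting parameter value, so that users who pass request parameters straight into queries can judge whether they are affected, and write the reference as a full sentence such as "Fixes CVE-2012-2660."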
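Review bot: In the activerecord/CHANGELOG.md hunk, the added entry "Predicate builder should not recurse for determining where columns" states an intent ("should not") rather than the change that was made, and "for determining where columns" is hard to parse. I would reword it in the past or present tense, for example "Predicate builder no longer recurses when determining `where` columns", and name the kind of `where` argument that is now handled differently. Since this is tagged CVE-2012-2661, readers upgrading will need that detail to see which call sites in their code change behaviour.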