aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/CHANGELOG.md
diff options
context:
space:
mode:
Diffstat (limited to 'actionpack/CHANGELOG.md')
-rw-r--r--actionpack/CHANGELOG.md51
1 files changed, 51 insertions, 0 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md
index 2b22041b3b..c30217b8fe 100644
--- a/actionpack/CHANGELOG.md
+++ b/actionpack/CHANGELOG.md
@@ -1,3 +1,52 @@
+* Allows ActionDispatch::Request::LOCALHOST to match any IPv4 127.0.0.0/8
+ loopback address.
+
+ *Earl St Sauver*, *Sven Riedel*
+
+* Preserve original path in `ShowExceptions` middleware by stashing it as
+ `env["action_dispatch.original_path"]`
+
+ `ActionDispatch::ShowExceptions` overwrites `PATH_INFO` with the status code
+ for the exception defined in `ExceptionWrapper`, so the path
+ the user was visiting when an exception occurred was not previously
+ available to any custom exceptions_app. The original `PATH_INFO` is now
+ stashed in `env["action_dispatch.original_path"]`.
+
+ *Grey Baker*
+
+* Use `String#bytesize` instead of `String#size` when checking for cookie
+ overflow.
+
+ *Agis Anastasopoulos*
+
+* `render nothing: true` or rendering a `nil` body no longer add a single
+ space to the response body.
+
+ The old behavior was added as a workaround for a bug in an early version of
+ Safari, where the HTTP headers are not returned correctly if the response
+ body has a 0-length. This is been fixed since and the workaround is no
+ longer necessary.
+
+ Use `render body: ' '` if the old behavior is desired.
+
+ See #14883 for details.
+
+ *Godfrey Chan*
+
+* Prepend a JS comment to JSONP callbacks. Addresses CVE-2014-4671
+ ("Rosetta Flash")
+
+ *Greg Campbell*
+
+* Because URI paths may contain non US-ASCII characters we need to force
+ the encoding of any unescaped URIs to UTF-8 if they are US-ASCII.
+ This essentially replicates the functionality of the monkey patch to
+ URI.parser.unescape in active_support/core_ext/uri.rb.
+
+ Fixes #16104.
+
+ *Karl Entwistle*
+
* Generate shallow paths for all children of shallow resources.
Fixes #15783.
@@ -45,6 +94,8 @@
application. Use of a symbol should be replaced with `action: symbol`.
Use of a string without a "#" should be replaced with `controller: string`.
+ *Aaron Patterson*
+
* Fix URL generation with `:trailing_slash` such that it does not add
a trailing slash after `.:format`
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-21 16:26:22 +0000