Diffstat (limited to 'actionpack')
-rw-r--r-- | actionpack/CHANGELOG.md | 14 | ||||
-rw-r--r-- | actionpack/lib/action_pack/version.rb | 2 |
2 files changed, 15 insertions, 1 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index 6269123de3..1264e859b3 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -1,3 +1,16 @@ +## Rails 3.2.18 (May 6, 2014) ## + +* Only accept actions without File::SEPARATOR in the name. + + This will avoid directory traversal in implicit render. + + Fixes: CVE-2014-0130 + + *Rafael Mendonça França* + + +## Rails 3.2.17 (Feb 18, 2014) ## + * Use the reference for the mime type to get the format Fixes: CVE-2014-0082 @@ -6,6 +19,7 @@ Fixes: CVE-2014-0081 + ## Rails 3.2.16 (Dec 12, 2013) ## * Deep Munge the parameters for GET and POST Fixes CVE-2013-6417 diff --git a/actionpack/lib/action_pack/version.rb b/actionpack/lib/action_pack/version.rb index 4d278814c8..ac6d3343b9 100644 --- a/actionpack/lib/action_pack/version.rb +++ b/actionpack/lib/action_pack/version.rb @@ -2,7 +2,7 @@ module ActionPack module VERSION #:nodoc: MAJOR = 3 MINOR = 2 - TINY = 17 + TINY = 18 PRE = nil STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.') |