aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack
diff options
context:
space:
mode:
Diffstat (limited to 'actionpack')
-rw-r--r--actionpack/CHANGELOG.md14
-rw-r--r--actionpack/lib/action_pack/version.rb2
2 files changed, 15 insertions, 1 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md
index 6269123de3..1264e859b3 100644
--- a/actionpack/CHANGELOG.md
+++ b/actionpack/CHANGELOG.md
@@ -1,3 +1,16 @@
+## Rails 3.2.18 (May 6, 2014) ##
+
+* Only accept actions without File::SEPARATOR in the name.
+
+ This will avoid directory traversal in implicit render.
+
+ Fixes: CVE-2014-0130
+
+ *Rafael Mendonça França*
+
+
+## Rails 3.2.17 (Feb 18, 2014) ##
+
* Use the reference for the mime type to get the format
Fixes: CVE-2014-0082
@@ -6,6 +19,7 @@
Fixes: CVE-2014-0081
+
## Rails 3.2.16 (Dec 12, 2013) ##
* Deep Munge the parameters for GET and POST Fixes CVE-2013-6417
diff --git a/actionpack/lib/action_pack/version.rb b/actionpack/lib/action_pack/version.rb
index 4d278814c8..ac6d3343b9 100644
--- a/actionpack/lib/action_pack/version.rb
+++ b/actionpack/lib/action_pack/version.rb
@@ -2,7 +2,7 @@ module ActionPack
module VERSION #:nodoc:
MAJOR = 3
MINOR = 2
- TINY = 17
+ TINY = 18
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-29 07:33:20 +0000