| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
| |
In Ruby 2.1.1 and later select and reject return a new instance of
Hash rather than the subclass so we need to override them to return
an instance of the correct class.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
this will avoid timing attacks against applications that use basic auth.
Conflicts:
activesupport/lib/active_support/security_utils.rb
Conflicts:
actionpack/lib/action_controller/metal/http_authentication.rb
CVE-2015-7576
|
| |
|
|
|
|
|
|
|
|
|
|
| |
XML documents that are too deep can cause an stack overflow, which in
turn will cause a potential DoS attack.
CVE-2015-3227
Conflicts:
activesupport/lib/active_support/xml_mini.rb
|
|
|
|
|
| |
Check for correct value type in activerecord/fixtures.rb
Check that zone can respond to expected values to make the comparison.
|
|
|
|
|
| |
Instead show a error message asking users to add the gem to their
Gemfile if test-unit could not be loaded.
|
| |
|
|
|
|
|
|
|
|
| |
Due to changes from http://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/39628 current `singleton_class?` implementation fails.
Changed based on reference from http://bugs.ruby-lang.org/issues/7609
Conflicts:
activesupport/lib/active_support/core_ext/class/attribute.rb
|
| |
|
|
|
|
| |
https://github.com/ruby/ruby/commit/d781caaf313b8649948c107bba277e5ad7307314
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
Before this patch configuration set using config.active_support
would not be set.
Closes #15364
|
|
|
|
|
|
|
| |
This reverts commit 6d800a909e24465ca6f3fa5206222fa7d78967f6, reversing
changes made to 6a051299f98ee43864326c6c0a4f7d169d22b3f8.
We don't apply non-security fixes to 3-2-stable branch!!!
|
|
|
| |
File.exists? is a deprecated name, use File.exist?
|
| |
|
| |
|
| |
|
| |
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* 3-2-15:
bumping to rc3
Revert "Merge pull request #12413 from arthurnn/inverse_of_on_build"
Revert "Merge pull request #12443 from arthurnn/add_inverse_of_add_target"
bumping to rc2
Merge pull request #12443 from arthurnn/add_inverse_of_add_target
bumping version to 3.2.15.rc1
Fix STI scopes using benolee's suggestion. Fixes #11939
|
| | |
|
| | |
|
| | |
|
|/
|
|
|
| |
This avoids potential format string vulnerabilities where user-provided
data is interpolated into the log message before String#% is called.
|
|
|
|
|
|
|
| |
Fix FileStore#cleanup to no longer rely on missing each_key method
Conflicts:
activesupport/CHANGELOG.md
activesupport/test/caching_test.rb
|
| |
|
|\ |
|
| | |
|
| | |
|
| | |
|
|/
|
|
|
|
| |
abstracter wraps a TaggedLogging instance.
It's also best practice when overriding method_missing.
|
|
|
|
|
|
|
|
|
|
| |
If the DateTime core extensions were loaded before the Date core extensions
then you would get a superclass mismatch as DateTime hasn't been defined
yet so it gets set to Object by the acts_like core extension.
Fixes #11206
(cherry picked from commit 78f7d5b652000dbb1a11d34fe370c3fa82de840c)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The standard Ruby behavior for Time.at is to return the same type of
time when passing an instance of Time as a single argument. Since the
an ActiveSupport::TimeWithZone instance may be a different timezone than
the system timezone and DateTime just understands offsets the best we
can do is to return an instance of Time with the correct offset.
It also maintains the correct fractional second value as well.
Fixes #11350.
Backports:
484253515c0e05760541dc48946361185c9e6904
1b3873730b96035a238dbff7627bd5942e6dc4e7
|
| |
|
|
|
|
| |
is not provided.
|
| |
|
|
|
|
|
|
|
| |
Time.at allows passing a single Time argument which is then converted
to an integer. The conversion code since 1.9.3r429 explicitly checks
for an instance of Time so we need to override it to allow DateTime
and ActiveSupport::TimeWithZone values.
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 815a9431ab61376a7e8e1bdff21f87bc557992f8.
Conflicts:
activesupport/test/json/encoding_test.rb
Reason: This was causing a regression where the resulting string is always
returning UTF-8. Also it changes the behavior of this method on a stable release.
Fixes #9498.
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* 3-2-13:
bumping to 3.2.13
fix protocol checking in sanitization [CVE-2013-1857]
JDOM XXE Protection [CVE-2013-1856]
fix incorrect ^$ usage leading to XSS in sanitize_css [CVE-2013-1855]
stop calling to_sym when building arel nodes [CVE-2013-1854]
Merge pull request #9616 from exviva/multiple_select_name_double_square_brackets
bumping to rc2
Revert "Merge pull request #8209 from senny/backport_8176"
Freeze columns only once per Result
Preparing for 3.2.13.rc1 release
Update CHANGELOGs for 3.2.13 release.
Conflicts:
actionmailer/CHANGELOG.md
actionpack/CHANGELOG.md
activemodel/CHANGELOG.md
activeresource/CHANGELOG.md
activesupport/CHANGELOG.md
railties/CHANGELOG.md
|