Holger Just
2f84fa09e3
Bump version to 2.11.0
2013-03-19 22:40:32 +01:00
Holger Just
42be802538
Update changelog for 2.11.0
2013-03-19 22:40:06 +01:00
Holger Just
f4b07f2615
Bump Rails to 2.3.18 #1252
2013-03-19 22:39:11 +01:00
Holger Just
60b699eb3c
Bump version to v2.10.0
2013-02-13 16:35:03 +01:00
Holger Just
79ad316f1b
Update changelog for v2.10.0 release
2013-02-13 16:35:03 +01:00
Holger Just
5d983174e5
Adapt tests for escaping of ' introduced in Rails 2.3.16
...
Conflicts:
test/integration/application_test.rb
test/unit/lib/chili_project/liquid_test.rb
test/unit/mail_handler_test.rb
2013-02-13 16:33:31 +01:00
Holger Just
c7554740af
Remove monkey patch which is already included in Rails 2.3.17 #1233
2013-02-13 15:58:37 +01:00
Holger Just
3265c3faaa
Bump json gem to a safe version for CVE-2013-0269, CVE-2013-0333
2013-02-13 15:58:02 +01:00
Holger Just
296db9272c
Don't set YAML on serialized fields #1233
2013-02-13 15:57:06 +01:00
Holger Just
3eae0584ae
Bump Rails to 2.3.17 #1233
2013-02-13 15:56:45 +01:00
Holger Just
f02ef4b929
Improve on broken MySQL handling of login tokens #1234
2013-02-13 15:55:30 +01:00
Felix Schäfer
4424841784
Bump version to v2.9.0
2013-01-29 23:13:50 +01:00
Felix Schäfer
2b8ec7c80f
Update Changelog for v2.9.0
2013-01-29 23:13:16 +01:00
Felix Schäfer
066f616210
Remove Rails patches which are already included in Rails 2.3.16 #1219
2013-01-29 23:11:27 +01:00
Felix Schäfer
8ea58b6fd5
Bump Rails version to 2.3.16 #1219
2013-01-29 23:11:07 +01:00
Holger Just
bfdc43ba73
Bump version to v2.8.1
2013-01-16 23:29:13 +01:00
Holger Just
2b909243ee
Update Changelog for v2.8.1
2013-01-16 23:28:51 +01:00
Holger Just
b7a82ac691
Fix for CVE-2013-0155 in Rails
2013-01-16 23:27:30 +01:00
Holger Just
964d19cc57
Bump version to 2.8.0
2013-01-09 14:11:46 +01:00
Holger Just
dd945c78c3
Update Changelog for v2.8.0
2013-01-09 14:11:18 +01:00
Holger Just
41e349888b
Remove Rails patches which are already included in Rails 2.3.15 #1200
2013-01-09 14:11:18 +01:00
Holger Just
dca36c222a
Bump Rails version to 2.3.15 #1200
2013-01-09 14:11:18 +01:00
Holger Just
524ef942d9
Bump version to v2.7.4
2013-01-06 23:56:43 +01:00
Holger Just
e06dd303db
Update Changelog for v2.7.4
2013-01-06 23:56:23 +01:00
Holger Just
e2bc4e905a
Update Copyright for 2013
...
We programmers have a nice new years tradition: We revisit all of
our projects and add 1 to a small number near a "(c)".
-- Volker Dusch
https://twitter.com/__edorian/status/153801913442373633
2013-01-06 23:52:16 +01:00
Holger Just
6ece1687de
Fix XSS vulnerabilities in Rails (CVE-2012-3464, CVE-2012-3465) #1113 #1114
2013-01-06 23:50:49 +01:00
Holger Just
6d87b8b297
SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664) #1195
2013-01-06 23:50:32 +01:00
Holger Just
bd509a4008
Bump version to 2.7.3
2012-06-13 10:29:12 +02:00
Holger Just
b0ec4c140d
Update changelog for v2.7.3
2012-06-13 10:28:55 +02:00
Holger Just
e178f1ce9c
Fix SQL injection via nested hashes in conditions. CVE-2012-2695 #1037
2012-06-13 10:27:30 +02:00
Holger Just
c3d3bec47f
Fix SQL injection via nested hashes in conditions (CVE-2012-2694) #1036
2012-06-13 10:27:21 +02:00
Holger Just
8d56d32774
Bump to 2.7.2
2012-06-09 18:17:46 +02:00
Holger Just
4456440535
Update changelog for v2.7.2
2012-06-09 18:17:14 +02:00
Holger Just
f959b9bdb9
[#1025] Fix Rails vulnerability (CVE-2012-2660)
2012-06-09 18:03:41 +02:00
Holger Just
9d32e68ec0
Bump version to 2.7.1
2012-04-04 14:09:08 +02:00
Jean-Philippe Lang
80289c5a70
Set user_id as a protected attribute (#922).
2012-04-04 14:06:01 +02:00
Jean-Philippe Lang
902c624b47
Prevent mass-assignment vulnerability when adding/updating a wiki (#922).
2012-04-04 14:06:00 +02:00
Jean-Philippe Lang
aee7d7315b
Prevent mass-assignment vulnerability when adding/updating a version (#922).
2012-04-04 14:05:41 +02:00
Jean-Philippe Lang
1f10817444
Prevent mass-assignment vulnerability when adding/updating a time entry (#922).
2012-04-04 13:39:37 +02:00
Jean-Philippe Lang
ea3ff66b8e
Use safe_attributes= just like in #create. (#922)
2012-04-04 13:39:37 +02:00
Jean-Philippe Lang
ee99b2de03
Prevent mass-assignment vulnerability when adding/updating a news (#922).
2012-04-04 13:39:37 +02:00
Jean-Philippe Lang
4c322d379e
Prevent mass-assignment vulnerability when adding/updating a forum message (#922).
2012-04-04 13:39:36 +02:00
Jean-Philippe Lang
f12b9fca08
Prevent mass-assignment vulnerability when adding a project member (#922).
2012-04-04 13:39:36 +02:00
Jean-Philippe Lang
296b3173ef
Prevent mass-assignment vulnerability when adding/updating an issue category (#922).
2012-04-04 13:39:20 +02:00
Jean-Philippe Lang
c651ba1a98
Prevent mass-assignment vulnerability when adding/updating a document (#922).
...
Conflicts:
app/controllers/documents_controller.rb
2012-04-04 13:30:21 +02:00
Holger Just
ad996d7839
Merge branch 'release-v2.7.0' into stable
2012-02-06 23:40:10 +01:00
Holger Just
608fd61138
Bump version to 2.7.0
2012-02-06 23:36:58 +01:00
Holger Just
a059cb4892
Update changelog for 2.7.0 release
2012-02-06 23:36:29 +01:00
Holger Just
aa5be5132d
[#593] Generate wiki content notifications in the JournalObserver - backported for 2.7
...
This will prevent the usage of the wrong wiki_content status.
The code is not overly pretty and deserves a thorough refactoring, but at
least it solves the problem at hand.
2012-02-06 22:54:53 +01:00
Holger Just
6fd9bc490f
[#849 #789] Remove config.ru - Backport for 2.7
...
Rails 2.3 doesn't work well as a rack-only app
2012-02-06 22:50:38 +01:00