5087 Commits

Author SHA1 Message Date
Holger Just 2f84fa09e3 Bump version to 2.11.0 2013-03-19 22:40:32 +01:00
Holger Just 42be802538 Update changelog for 2.11.0 2013-03-19 22:40:06 +01:00
Holger Just f4b07f2615 Bump Rails to 2.3.18 #1252 2013-03-19 22:39:11 +01:00
Holger Just 60b699eb3c Bump version to v2.10.0 2013-02-13 16:35:03 +01:00
Holger Just 79ad316f1b Update changelog for v2.10.0 release 2013-02-13 16:35:03 +01:00
Holger Just 5d983174e5 Adapt tests for escaping of ' introduced in Rails 2.3.16
Conflicts:
	test/integration/application_test.rb
	test/unit/lib/chili_project/liquid_test.rb
	test/unit/mail_handler_test.rb
2013-02-13 16:33:31 +01:00
Holger Just c7554740af Remove monkey patch which is already included in Rails 2.3.17 #1233 2013-02-13 15:58:37 +01:00
Holger Just 3265c3faaa Bump json gem to a safe version for CVE-2013-0269, CVE-2013-0333 2013-02-13 15:58:02 +01:00
Holger Just 296db9272c Don't set YAML on serialized fields #1233 2013-02-13 15:57:06 +01:00
Holger Just 3eae0584ae Bump Rails to 2.3.17 #1233 2013-02-13 15:56:45 +01:00
Holger Just f02ef4b929 Improve on broken MySQL handling of login tokens #1234 2013-02-13 15:55:30 +01:00
Felix Schäfer 4424841784 Bump version to v2.9.0 2013-01-29 23:13:50 +01:00
Felix Schäfer 2b8ec7c80f Update Changelog for v2.9.0 2013-01-29 23:13:16 +01:00
Felix Schäfer 066f616210 Remove Rails patches which are already included in Rails 2.3.16 #1219 2013-01-29 23:11:27 +01:00
Felix Schäfer 8ea58b6fd5 Bump Rails version to 2.3.16 #1219 2013-01-29 23:11:07 +01:00
Holger Just bfdc43ba73 Bump version to v2.8.1 2013-01-16 23:29:13 +01:00
Holger Just 2b909243ee Update Changelog for v2.8.1 2013-01-16 23:28:51 +01:00
Holger Just b7a82ac691 Fix for CVE-2013-0155 in Rails 2013-01-16 23:27:30 +01:00
Holger Just 964d19cc57 Bump version to 2.8.0 2013-01-09 14:11:46 +01:00
Holger Just dd945c78c3 Update Changelog for v2.8.0 2013-01-09 14:11:18 +01:00
Holger Just 41e349888b Remove Rails patches which are already included in Rails 2.3.15 #1200 2013-01-09 14:11:18 +01:00
Holger Just dca36c222a Bump Rails version to 2.3.15 #1200 2013-01-09 14:11:18 +01:00
Holger Just 524ef942d9 Bump version to v2.7.4 2013-01-06 23:56:43 +01:00
Holger Just e06dd303db Update Changelog for v2.7.4 2013-01-06 23:56:23 +01:00
Holger Just e2bc4e905a Update Copyright for 2013
We programmers have a nice new years tradition: We revisit all of
our projects and add 1 to a small number near a "(c)".

-- Volker Dusch
https://twitter.com/__edorian/status/153801913442373633
2013-01-06 23:52:16 +01:00
Holger Just 6ece1687de Fix XSS vulnerabilities in Rails (CVE-2012-3464, CVE-2012-3465) #1113 #1114 2013-01-06 23:50:49 +01:00
Holger Just 6d87b8b297 SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664) #1195 2013-01-06 23:50:32 +01:00
Holger Just bd509a4008 Bump version to 2.7.3 2012-06-13 10:29:12 +02:00
Holger Just b0ec4c140d Update changelog for v2.7.3 2012-06-13 10:28:55 +02:00
Holger Just e178f1ce9c Fix SQL injection via nested hashes in conditions. CVE-2012-2695 #1037 2012-06-13 10:27:30 +02:00
Holger Just c3d3bec47f Fix SQL injection via nested hashes in conditions (CVE-2012-2694) #1036 2012-06-13 10:27:21 +02:00
Holger Just 8d56d32774 Bump to 2.7.2 2012-06-09 18:17:46 +02:00
Holger Just 4456440535 Update changelog for v2.7.2 2012-06-09 18:17:14 +02:00
Holger Just f959b9bdb9 [#1025] Fix Rails vulnerability (CVE-2012-2660) 2012-06-09 18:03:41 +02:00
Holger Just 9d32e68ec0 Bump version to 2.7.1 2012-04-04 14:09:08 +02:00
Jean-Philippe Lang 80289c5a70 Set user_id as a protected attribute (#922). 2012-04-04 14:06:01 +02:00
Jean-Philippe Lang 902c624b47 Prevent mass-assignment vulnerability when adding/updating a wiki (#922). 2012-04-04 14:06:00 +02:00
Jean-Philippe Lang aee7d7315b Prevent mass-assignment vulnerability when adding/updating a version (#922). 2012-04-04 14:05:41 +02:00
Jean-Philippe Lang 1f10817444 Prevent mass-assignment vulnerability when adding/updating a time entry (#922). 2012-04-04 13:39:37 +02:00
Jean-Philippe Lang ea3ff66b8e Use safe_attributes= just like in #create. (#922) 2012-04-04 13:39:37 +02:00
Jean-Philippe Lang ee99b2de03 Prevent mass-assignment vulnerability when adding/updating a news (#922). 2012-04-04 13:39:37 +02:00
Jean-Philippe Lang 4c322d379e Prevent mass-assignment vulnerability when adding/updating a forum message (#922). 2012-04-04 13:39:36 +02:00
Jean-Philippe Lang f12b9fca08 Prevent mass-assignment vulnerability when adding a project member (#922). 2012-04-04 13:39:36 +02:00
Jean-Philippe Lang 296b3173ef Prevent mass-assignment vulnerability when adding/updating an issue category (#922). 2012-04-04 13:39:20 +02:00
Jean-Philippe Lang c651ba1a98 Prevent mass-assignment vulnerability when adding/updating a document (#922).
Conflicts:

	app/controllers/documents_controller.rb
2012-04-04 13:30:21 +02:00
Holger Just ad996d7839 Merge branch 'release-v2.7.0' into stable 2012-02-06 23:40:10 +01:00
Holger Just 608fd61138 Bump version to 2.7.0 2012-02-06 23:36:58 +01:00
Holger Just a059cb4892 Update changelog for 2.7.0 release 2012-02-06 23:36:29 +01:00
Holger Just aa5be5132d [#593] Generate wiki content notifications in the JournalObserver - backported for 2.7
This will prevent the usage of the wrong wiki_content status.

The code is not overly pretty and deserves a thorough refactoring, but at
least it solves the problem at hand.
2012-02-06 22:54:53 +01:00
Holger Just 6fd9bc490f [#849 #789] Remove config.ru - Backport for 2.7
Rails 2.3 doesn't work well as a rack-only app
2012-02-06 22:50:38 +01:00