964d19cc57
Bump version to 2.8.0
2013-01-09 14:11:46 +01:00
dd945c78c3
Update Changelog for v2.8.0
2013-01-09 14:11:18 +01:00
41e349888b
Remove Rails patches which are already included in Rails 2.3.15 #1200
2013-01-09 14:11:18 +01:00
dca36c222a
Bump Rails version to 2.3.15 #1200
2013-01-09 14:11:18 +01:00
524ef942d9
Bump version to v2.7.4
2013-01-06 23:56:43 +01:00
e06dd303db
Update Changelog for v2.7.4
2013-01-06 23:56:23 +01:00
e2bc4e905a
Update Copyright for 2013
...
We programmers have a nice new years tradition: We revisit all of
our projects and add 1 to a small number near a "(c)".
-- Volker Dusch
https://twitter.com/__edorian/status/153801913442373633
2013-01-06 23:52:16 +01:00
6ece1687de
Fix XSS vulnerabilities in Rails (CVE-2012-3464, CVE-2012-3465) #1113 #1114
2013-01-06 23:50:49 +01:00
6d87b8b297
SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664) #1195
2013-01-06 23:50:32 +01:00
bd509a4008
Bump version to 2.7.3
2012-06-13 10:29:12 +02:00
b0ec4c140d
Update changelog for v2.7.3
2012-06-13 10:28:55 +02:00
e178f1ce9c
Fix SQL injection via nested hashes in conditions. CVE-2012-2695 #1037
2012-06-13 10:27:30 +02:00
c3d3bec47f
Fix SQL injection via nested hashes in conditions (CVE-2012-2694) #1036
2012-06-13 10:27:21 +02:00
8d56d32774
Bump to 2.7.2
2012-06-09 18:17:46 +02:00
4456440535
Update changelog for v2.7.2
2012-06-09 18:17:14 +02:00
f959b9bdb9
[ #1025 ] Fix Rails vulnerability (CVE-2012-2660)
2012-06-09 18:03:41 +02:00
9d32e68ec0
Bump version to 2.7.1
2012-04-04 14:09:08 +02:00
80289c5a70
Set user_id as a protected attribute ( #922 ).
2012-04-04 14:06:01 +02:00
902c624b47
Prevent mass-assignment vulnerability when adding/updating a wiki ( #922 ).
2012-04-04 14:06:00 +02:00
aee7d7315b
Prevent mass-assignment vulnerability when adding/updating a version ( #922 ).
2012-04-04 14:05:41 +02:00
1f10817444
Prevent mass-assignment vulnerability when adding/updating a time entry ( #922 ).
2012-04-04 13:39:37 +02:00
ea3ff66b8e
Use safe_attributes= just like in #create. ( #922 )
2012-04-04 13:39:37 +02:00
ee99b2de03
Prevent mass-assignment vulnerability when adding/updating a news ( #922 ).
2012-04-04 13:39:37 +02:00
4c322d379e
Prevent mass-assignment vulnerability when adding/updating a forum message ( #922 ).
2012-04-04 13:39:36 +02:00
f12b9fca08
Prevent mass-assignment vulnerability when adding a project member ( #922 ).
2012-04-04 13:39:36 +02:00
296b3173ef
Prevent mass-assignment vulnerability when adding/updating an issue category ( #922 ).
2012-04-04 13:39:20 +02:00
c651ba1a98
Prevent mass-assignment vulnerability when adding/updating a document ( #922 ).
...
Conflicts:
app/controllers/documents_controller.rb
2012-04-04 13:30:21 +02:00
ad996d7839
Merge branch 'release-v2.7.0' into stable
2012-02-06 23:40:10 +01:00
608fd61138
Bump version to 2.7.0
2012-02-06 23:36:58 +01:00
a059cb4892
Update changelog for 2.7.0 release
2012-02-06 23:36:29 +01:00
aa5be5132d
[ #593 ] Generate wiki content notifications in the JournalObserver - backported for 2.7
...
This will prevent the usage of the wrong wiki_content status.
The code is not overly pretty and deserves a thorough refactoring, but at
least it solves the problem at hand.
2012-02-06 22:54:53 +01:00
6fd9bc490f
[ #849 #789 ] Remove config.ru - Backport for 2.7
...
Rails 2.3 doesn't work well as a rack-only app
2012-02-06 22:50:38 +01:00
f417996ff0
[ #839 ] Remove ruby-debug dependency - Backport for 2.7
...
It completely breaks on Ruby 1.9.3-p0. This is a stopper for people installing all groups. For the rest it is rarely used at all. Developers and testers requiring it can include it into their Gemfile.local
2012-02-06 22:50:10 +01:00
43afcde38d
[ #875 ] Fix typo
2012-02-01 17:26:07 +01:00
58435c82e4
[ #775 ] Remove noisy journals on Attachments and Messages
2012-01-31 16:03:01 +01:00
01fefe8d3b
[ #775 ] Don't create a new journal on parent message on reply
2012-01-31 16:02:56 +01:00
fb595ec7f9
[ #775 ] Don't create a new journal on Attachment#increment_download
2012-01-31 16:02:49 +01:00
11b441f745
Load Gemfiles from vendor/chiliproject_plugins
2012-01-11 12:02:25 +01:00
cd0ea44ff8
[ #822 ] Provide a default log_encoding even if the db column is not present yet
2012-01-10 18:32:38 +01:00
4c0b195380
[ #819 ] set RAILS_ENV if only RACK_ENV is provided
2012-01-06 00:56:57 +01:00
ec9352dffe
Merge branch 'release-v2.6.0' into stable
2012-01-03 20:48:31 +01:00
939fd0b9fa
Bump version to 2.6.0
2012-01-03 20:46:58 +01:00
4d4b5b6642
Update changelog for 2.6.0 release
2012-01-03 20:45:16 +01:00
7ef1c41aa0
Force source encoding to UTF-8
2012-01-03 20:43:42 +01:00
4577e54f04
Fix trailing whitespace
2012-01-03 20:43:08 +01:00
e95b4992e4
Update copyright for 2012
...
We programmers have a nice new years tradition: We revisit all of our
projects and add 1 to a small number near a "(c)".
-- Volker Dusch
https://twitter.com/__edorian/status/153801913442373633
2012-01-03 20:36:40 +01:00
f90d0fd775
Update locales
2012-01-03 20:29:25 +01:00
0f0e42448a
Overwrite compact on child class of Array to not return an instance of Array
...
This is necessary because in Ruby 1.9.3, the behavior of an internal dup of
the array (rb_ary_dup) was changed to always return an array instance, not
an instance of the actual class which it was working on.
Why can't people just stick to what works but instead try to have special
snowflakes everywhere? </rant>
2012-01-03 19:45:38 +01:00
49cd6f87aa
[ #789 ] Add config.ru for Rack-only servers
2012-01-03 16:31:22 +01:00
1bd8ea6ce7
[ #812 ] Change all references of Redmine to ChiliProject in translations
2012-01-03 15:58:06 +01:00
Holger Just
Holger Just
Jean-Philippe Lang