Holger Just
bfdc43ba73
Bump version to v2.8.1
2013-01-16 23:29:13 +01:00
Holger Just
2b909243ee
Update Changelog for v2.8.1
2013-01-16 23:28:51 +01:00
Holger Just
b7a82ac691
Fix for CVE-2013-0155 in Rails
2013-01-16 23:27:30 +01:00
Holger Just
964d19cc57
Bump version to 2.8.0
2013-01-09 14:11:46 +01:00
Holger Just
dd945c78c3
Update Changelog for v2.8.0
2013-01-09 14:11:18 +01:00
Holger Just
41e349888b
Remove Rails patches which are already included in Rails 2.3.15 #1200
2013-01-09 14:11:18 +01:00
Holger Just
dca36c222a
Bump Rails version to 2.3.15 #1200
2013-01-09 14:11:18 +01:00
Holger Just
524ef942d9
Bump version to v2.7.4
2013-01-06 23:56:43 +01:00
Holger Just
e06dd303db
Update Changelog for v2.7.4
2013-01-06 23:56:23 +01:00
Holger Just
e2bc4e905a
Update Copyright for 2013
...
We programmers have a nice new years tradition: We revisit all of
our projects and add 1 to a small number near a "(c)".
-- Volker Dusch
https://twitter.com/__edorian/status/153801913442373633
2013-01-06 23:52:16 +01:00
Holger Just
6ece1687de
Fix XSS vulnerabilities in Rails (CVE-2012-3464, CVE-2012-3465) #1113 #1114
2013-01-06 23:50:49 +01:00
Holger Just
6d87b8b297
SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664) #1195
2013-01-06 23:50:32 +01:00
Holger Just
bd509a4008
Bump version to 2.7.3
2012-06-13 10:29:12 +02:00
Holger Just
b0ec4c140d
Update changelog for v2.7.3
2012-06-13 10:28:55 +02:00
Holger Just
e178f1ce9c
Fix SQL injection via nested hashes in conditions. CVE-2012-2695 #1037
2012-06-13 10:27:30 +02:00
Holger Just
c3d3bec47f
Fix SQL injection via nested hashes in conditions (CVE-2012-2694) #1036
2012-06-13 10:27:21 +02:00
Holger Just
8d56d32774
Bump to 2.7.2
2012-06-09 18:17:46 +02:00
Holger Just
4456440535
Update changelog for v2.7.2
2012-06-09 18:17:14 +02:00
Holger Just
f959b9bdb9
[#1025] Fix Rails vulnerability (CVE-2012-2660)
2012-06-09 18:03:41 +02:00
Holger Just
9d32e68ec0
Bump version to 2.7.1
2012-04-04 14:09:08 +02:00
Jean-Philippe Lang
80289c5a70
Set user_id as a protected attribute (#922).
2012-04-04 14:06:01 +02:00
Jean-Philippe Lang
902c624b47
Prevent mass-assignment vulnerability when adding/updating a wiki (#922).
2012-04-04 14:06:00 +02:00
Jean-Philippe Lang
aee7d7315b
Prevent mass-assignment vulnerability when adding/updating a version (#922).
2012-04-04 14:05:41 +02:00
Jean-Philippe Lang
1f10817444
Prevent mass-assignment vulnerability when adding/updating a time entry (#922).
2012-04-04 13:39:37 +02:00
Jean-Philippe Lang
ea3ff66b8e
Use safe_attributes= just like in #create. (#922)
2012-04-04 13:39:37 +02:00
Jean-Philippe Lang
ee99b2de03
Prevent mass-assignment vulnerability when adding/updating a news (#922).
2012-04-04 13:39:37 +02:00
Jean-Philippe Lang
4c322d379e
Prevent mass-assignment vulnerability when adding/updating a forum message (#922).
2012-04-04 13:39:36 +02:00
Jean-Philippe Lang
f12b9fca08
Prevent mass-assignment vulnerability when adding a project member (#922).
2012-04-04 13:39:36 +02:00
Jean-Philippe Lang
296b3173ef
Prevent mass-assignment vulnerability when adding/updating an issue category (#922).
2012-04-04 13:39:20 +02:00
Jean-Philippe Lang
c651ba1a98
Prevent mass-assignment vulnerability when adding/updating a document (#922).
...
Conflicts:
app/controllers/documents_controller.rb
2012-04-04 13:30:21 +02:00
Holger Just
ad996d7839
Merge branch 'release-v2.7.0' into stable
2012-02-06 23:40:10 +01:00
Holger Just
608fd61138
Bump version to 2.7.0
2012-02-06 23:36:58 +01:00
Holger Just
a059cb4892
Update changelog for 2.7.0 release
2012-02-06 23:36:29 +01:00
Holger Just
aa5be5132d
[#593] Generate wiki content notifications in the JournalObserver - backported for 2.7
...
This will prevent the usage of the wrong wiki_content status.
The code is not overly pretty and deserves a thorough refactoring, but at
least it solves the problem at hand.
2012-02-06 22:54:53 +01:00
Holger Just
6fd9bc490f
[#849 #789] Remove config.ru - Backport for 2.7
...
Rails 2.3 doesn't work well as a rack-only app
2012-02-06 22:50:38 +01:00
Holger Just
f417996ff0
[#839] Remove ruby-debug dependency - Backport for 2.7
...
It completely breaks on Ruby 1.9.3-p0. This is a stopper for people installing all groups. For the rest it is rarely used at all. Developers and testers requiring it can include it into their Gemfile.local
2012-02-06 22:50:10 +01:00
Holger Just
43afcde38d
[#875] Fix typo
2012-02-01 17:26:07 +01:00
Holger Just
58435c82e4
[#775] Remove noisy journals on Attachments and Messages
2012-01-31 16:03:01 +01:00
Holger Just
01fefe8d3b
[#775] Don't create a new journal on parent message on reply
2012-01-31 16:02:56 +01:00
Holger Just
fb595ec7f9
[#775] Don't create a new journal on Attachment#increment_download
2012-01-31 16:02:49 +01:00
Holger Just
11b441f745
Load Gemfiles from vendor/chiliproject_plugins
2012-01-11 12:02:25 +01:00
Holger Just
cd0ea44ff8
[#822] Provide a default log_encoding even if the db column is not present yet
2012-01-10 18:32:38 +01:00
Holger Just
4c0b195380
[#819] set RAILS_ENV if only RACK_ENV is provided
2012-01-06 00:56:57 +01:00
Holger Just
ec9352dffe
Merge branch 'release-v2.6.0' into stable
2012-01-03 20:48:31 +01:00
Holger Just
939fd0b9fa
Bump version to 2.6.0
2012-01-03 20:46:58 +01:00
Holger Just
4d4b5b6642
Update changelog for 2.6.0 release
2012-01-03 20:45:16 +01:00
Holger Just
7ef1c41aa0
Force source encoding to UTF-8
2012-01-03 20:43:42 +01:00
Holger Just
4577e54f04
Fix trailing whitespace
2012-01-03 20:43:08 +01:00
Holger Just
e95b4992e4
Update copyright for 2012
...
We programmers have a nice new years tradition: We revisit all of our
projects and add 1 to a small number near a "(c)".
-- Volker Dusch
https://twitter.com/__edorian/status/153801913442373633
2012-01-03 20:36:40 +01:00
Holger Just
f90d0fd775
Update locales
2012-01-03 20:29:25 +01:00