Holger Just
e178f1ce9c
Fix SQL injection via nested hashes in conditions. CVE-2012-2695 #1037
2012-06-13 10:27:30 +02:00
Holger Just
c3d3bec47f
Fix SQL injection via nested hashes in conditions (CVE-2012-2694) #1036
2012-06-13 10:27:21 +02:00
Holger Just
8d56d32774
Bump to 2.7.2
2012-06-09 18:17:46 +02:00
Holger Just
4456440535
Update changelog for v2.7.2
2012-06-09 18:17:14 +02:00
Holger Just
f959b9bdb9
[#1025] Fix Rails vulnerability (CVE-2012-2660)
2012-06-09 18:03:41 +02:00
Holger Just
9d32e68ec0
Bump version to 2.7.1
2012-04-04 14:09:08 +02:00
Jean-Philippe Lang
80289c5a70
Set user_id as a protected attribute (#922).
2012-04-04 14:06:01 +02:00
Jean-Philippe Lang
902c624b47
Prevent mass-assignment vulnerability when adding/updating a wiki (#922).
2012-04-04 14:06:00 +02:00
Jean-Philippe Lang
aee7d7315b
Prevent mass-assignment vulnerability when adding/updating a version (#922).
2012-04-04 14:05:41 +02:00
Jean-Philippe Lang
1f10817444
Prevent mass-assignment vulnerability when adding/updating a time entry (#922).
2012-04-04 13:39:37 +02:00
Jean-Philippe Lang
ea3ff66b8e
Use safe_attributes= just like in #create. (#922)
2012-04-04 13:39:37 +02:00
Jean-Philippe Lang
ee99b2de03
Prevent mass-assignment vulnerability when adding/updating a news (#922).
2012-04-04 13:39:37 +02:00
Jean-Philippe Lang
4c322d379e
Prevent mass-assignment vulnerability when adding/updating a forum message (#922).
2012-04-04 13:39:36 +02:00
Jean-Philippe Lang
f12b9fca08
Prevent mass-assignment vulnerability when adding a project member (#922).
2012-04-04 13:39:36 +02:00
Jean-Philippe Lang
296b3173ef
Prevent mass-assignment vulnerability when adding/updating an issue category (#922).
2012-04-04 13:39:20 +02:00
Jean-Philippe Lang
c651ba1a98
Prevent mass-assignment vulnerability when adding/updating a document (#922).
...
Conflicts:
app/controllers/documents_controller.rb
2012-04-04 13:30:21 +02:00
Holger Just
ad996d7839
Merge branch 'release-v2.7.0' into stable
2012-02-06 23:40:10 +01:00
Holger Just
608fd61138
Bump version to 2.7.0
2012-02-06 23:36:58 +01:00
Holger Just
a059cb4892
Update changelog for 2.7.0 release
2012-02-06 23:36:29 +01:00
Holger Just
aa5be5132d
[#593] Generate wiki content notifications in the JournalObserver - backported for 2.7
...
This will prevent the usage of the wrong wiki_content status.
The code is not overly pretty and deserves a thorough refactoring, but at
least it solves the problem at hand.
2012-02-06 22:54:53 +01:00
Holger Just
6fd9bc490f
[#849 #789] Remove config.ru - Backport for 2.7
...
Rails 2.3 doesn't work well as a rack-only app
2012-02-06 22:50:38 +01:00
Holger Just
f417996ff0
[#839] Remove ruby-debug dependency - Backport for 2.7
...
It completely breaks on Ruby 1.9.3-p0. This is a stopper for people installing all groups. For the rest it is rarely used at all. Developers and testers requiring it can include it into their Gemfile.local
2012-02-06 22:50:10 +01:00
Holger Just
43afcde38d
[#875] Fix typo
2012-02-01 17:26:07 +01:00
Holger Just
58435c82e4
[#775] Remove noisy journals on Attachments and Messages
2012-01-31 16:03:01 +01:00
Holger Just
01fefe8d3b
[#775] Don't create a new journal on parent message on reply
2012-01-31 16:02:56 +01:00
Holger Just
fb595ec7f9
[#775] Don't create a new journal on Attachment#increment_download
2012-01-31 16:02:49 +01:00
Holger Just
11b441f745
Load Gemfiles from vendor/chiliproject_plugins
2012-01-11 12:02:25 +01:00
Holger Just
cd0ea44ff8
[#822] Provide a default log_encoding even if the db column is not present yet
2012-01-10 18:32:38 +01:00
Holger Just
4c0b195380
[#819] set RAILS_ENV if only RACK_ENV is provided
2012-01-06 00:56:57 +01:00
Holger Just
ec9352dffe
Merge branch 'release-v2.6.0' into stable
2012-01-03 20:48:31 +01:00
Holger Just
939fd0b9fa
Bump version to 2.6.0
2012-01-03 20:46:58 +01:00
Holger Just
4d4b5b6642
Update changelog for 2.6.0 release
2012-01-03 20:45:16 +01:00
Holger Just
7ef1c41aa0
Force source encoding to UTF-8
2012-01-03 20:43:42 +01:00
Holger Just
4577e54f04
Fix trailing whitespace
2012-01-03 20:43:08 +01:00
Holger Just
e95b4992e4
Update copyright for 2012
...
We programmers have a nice new years tradition: We revisit all of our
projects and add 1 to a small number near a "(c)".
-- Volker Dusch
https://twitter.com/__edorian/status/153801913442373633
2012-01-03 20:36:40 +01:00
Holger Just
f90d0fd775
Update locales
2012-01-03 20:29:25 +01:00
Holger Just
0f0e42448a
Overwrite compact on child class of Array to not return an instance of Array
...
This is necessary because in Ruby 1.9.3, the behavior of an internal dup of
the array (rb_ary_dup) was changed to always return an array instance, not
an instance of the actual class which it was working on.
Why can't people just stick to what works but instead try to have special
snowflakes everywhere? </rant>
2012-01-03 19:45:38 +01:00
Holger Just
49cd6f87aa
[#789] Add config.ru for Rack-only servers
2012-01-03 16:31:22 +01:00
Holger Just
1bd8ea6ce7
[#812] Change all references of Redmine to ChiliProject in translations
2012-01-03 15:58:06 +01:00
Enderson Maia
896fa80784
[#785] pt-BR translation updates
2011-12-26 17:06:49 +01:00
Felix Schäfer
1ebec832af
[#486] More menu items on the wiki annotate view.
2011-12-18 21:21:21 +01:00
Felix Schäfer
d71a74bcbe
Explicit name for the example slapd config ldif.
2011-12-18 20:45:01 +01:00
Felix Schäfer
44cf67032f
Merge pull request #142 from elm/custom-ldap-filter
...
[#388] Custom LDAP filter
2011-12-18 11:13:55 -08:00
Tom Rochette
b135162c5b
Login should redirect to welcome/home page if already logged in.
2011-12-18 19:49:35 +01:00
Holger Just
bde0f6a862
Fix line endings from \r\n to \n
2011-12-18 19:30:46 +01:00
Holger Just
6c690814c9
[#463] Pass through Basic Auth in an FCGI setup
2011-12-18 19:30:37 +01:00
Jean-Philippe Lang
0d69fa6bb1
Patch for ruby1.9.3 compatibility.
...
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@8234 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-12-16 14:34:22 +01:00
Holger Just
611889f3f7
[#748] Use SCM commands to detect the revision
2011-12-15 22:08:18 +01:00
elm
48737b0c6f
Add OpenLDAP config ldif for redmine database
2011-12-13 20:56:43 +01:00
elm
bf7bcec1da
Remove internal LDAP entries to make the ldif importable.
2011-12-13 20:56:43 +01:00