Hello community, here is the log from the commit of package rubygem-devise for openSUSE:Factory checked in at 2013-09-27 18:06:14 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rubygem-devise (Old) and /work/SRC/openSUSE:Factory/.rubygem-devise.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-devise" Changes: -------- --- /work/SRC/openSUSE:Factory/rubygem-devise/rubygem-devise.changes 2013-08-23 11:10:15.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.rubygem-devise.new/rubygem-devise.changes 2013-09-27 18:06:16.000000000 +0200 @@ -1,0 +2,43 @@ +Sat Sep 7 05:20:00 UTC 2013 - [email protected] + +- updated to version 3.1.0 + Security announcement: http://blog.plataformatec.com.br/2013/08/devise-3-1-now-with-more-secure-defaults/ + + * backwards incompatible changes + * Do not store confirmation, unlock and reset password tokens directly in the database. This means tokens previously stored in the database are no longer valid. You can reenable this temporarily by setting `config.allow_insecure_tokens_lookup = true` in your configuration file. It is recommended to keep this configuration set to true just temporarily in your production servers only to aid migration + * The Devise mailer and its views were changed to explicitly receive a token argument as `@token`. You will need to update your mailers and re-copy the views to your application with `rails g devise:views` + * Sanitization of parameters should be done by calling `devise_parameter_sanitizer.sanitize(:action)` instead of `devise_parameter_sanitizer.for(:action)` + + * deprecations + * Token authentication is deprecated + + * enhancements + * Better security defaults + * Allow easier customization of parameter sanitizer (by @alexpeattie) + + * bug fix + * Do not confirm e-mail after password reset (by @moll) + * Do not sign in after confirmation + * Do not store confirmation, unlock and reset password tokens directly in the database + * Do not compare directly against confirmation, unlock and reset password tokens + * Skip storage for cookies on unverified requests + +------------------------------------------------------------------- +Mon Aug 26 05:05:51 UTC 2013 - [email protected] + +- updated to version 3.0.3 + == 3.0.3 + + * bug fix + * Do not confirm account after reset password + + == 3.0.2 + + * bug fix + * Skip storage for cookies on unverified requests + + == 3.0.1 + + Security announcement: http://blog.plataformatec.com.br/2013/08/csrf-token-fixation-attacks-in-devise/ + +------------------------------------------------------------------- Old: ---- devise-3.0.1.gem New: ---- devise-3.1.0.gem ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rubygem-devise.spec ++++++ --- /var/tmp/diff_new_pack.zlxI7D/_old 2013-09-27 18:06:16.000000000 +0200 +++ /var/tmp/diff_new_pack.zlxI7D/_new 2013-09-27 18:06:16.000000000 +0200 @@ -17,7 +17,7 @@ Name: rubygem-devise -Version: 3.0.1 +Version: 3.1.0 Release: 0 %define mod_name devise %define mod_full_name %{mod_name}-%{version} @@ -60,7 +60,7 @@ %install %gem_install -f mkdir -p %{buildroot}%{_docdir}/%{name} -ln -s %{_libdir}/ruby/gems/%{rb_ver}/gems/%{mod_full_name}/CHANGELOG.rdoc %buildroot/%{_docdir}/%{name}/CHANGELOG.rdoc +ln -s %{_libdir}/ruby/gems/%{rb_ver}/gems/%{mod_full_name}/CHANGELOG.md %buildroot/%{_docdir}/%{name}/CHANGELOG.md ln -s %{_libdir}/ruby/gems/%{rb_ver}/gems/%{mod_full_name}/MIT-LICENSE %buildroot/%{_docdir}/%{name}/MIT-LICENSE ln -s %{_libdir}/ruby/gems/%{rb_ver}/gems/%{mod_full_name}/README.md %buildroot/%{_docdir}/%{name}/README.md -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
