Hello community, here is the log from the commit of package rubygem-devise for openSUSE:Factory checked in at 2013-11-24 18:12:21 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rubygem-devise (Old) and /work/SRC/openSUSE:Factory/.rubygem-devise.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-devise" Changes: -------- --- /work/SRC/openSUSE:Factory/rubygem-devise/rubygem-devise.changes 2013-10-06 14:58:06.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.rubygem-devise.new/rubygem-devise.changes 2013-11-24 18:12:22.000000000 +0100 @@ -1,0 +2,33 @@ +Fri Nov 22 08:40:30 UTC 2013 - [email protected] + +- updated to version 3.2.1 + Security announcement: http://blog.plataformatec.com.br/2013/11/e-mail-enumeration-in-devise-in-paranoid-mode + + * enhancements + * Add `store_location_for` helper and ensure it is safe (by @matthewrudy and @homakov) + * Add `yield` around resource methods in Devise controllers (by @edelpero) + + * bug fix + * Bring `password_digest` back to fix compatibility with `devise-encryptable` + * Avoid e-mail enumeration on sign in when in paranoid mode + + ### 3.2.0 + + * enhancements + * Previously deprecated token authenticatable and insecure lookups have been removed + * Add a class method so you can encrypt passwords from fixtures (by @tenderlove) + * Send custom message when user enters invalid password and it has only one attempt + to enter correct password before his account will be locked (by @Lightpower) + * Prevent mutation of values assigned to case and whitespace santitized members (by @iamvery) + * Separate redirects and flash messages in `navigational_formats` and `flashing_formats` (by @ssendev) + + * bug fix + * A GET to sign_in page shouldn't extend the session (by @drewish) + * Splat the arguments to `strong_parameters#permit` to work around a limitation in the `strong_parameters` gem (by @memberful) + * Omniauth now uses `mapping.fullpath` when generating routes. This means if you call `devise_for :users` inside a scope, like `scope "/api"`, the scope will now apply to the omniauth route (by @AlexanderZaytsev) + * Ensure timeoutable hook respects `Devise.sign_out_all_scopes` configuration + + * deprecations + * `expire_session_data_after_sign_in!` has been deprecated in favor of `expire_data_after_sign_in!` + +------------------------------------------------------------------- Old: ---- devise-3.1.1.gem New: ---- devise-3.2.1.gem ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rubygem-devise.spec ++++++ --- /var/tmp/diff_new_pack.bdKL85/_old 2013-11-24 18:12:23.000000000 +0100 +++ /var/tmp/diff_new_pack.bdKL85/_new 2013-11-24 18:12:23.000000000 +0100 @@ -17,7 +17,7 @@ Name: rubygem-devise -Version: 3.1.1 +Version: 3.2.1 Release: 0 %define mod_name devise %define mod_full_name %{mod_name}-%{version} -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
