commit rubygem-actionview-6.0 for openSUSE:Factory
Hello community, here is the log from the commit of package rubygem-actionview-6.0 for openSUSE:Factory checked in at 2020-10-18 16:34:34 Comparing /work/SRC/openSUSE:Factory/rubygem-actionview-6.0 (Old) and /work/SRC/openSUSE:Factory/.rubygem-actionview-6.0.new.3486 (New) Package is "rubygem-actionview-6.0" Sun Oct 18 16:34:34 2020 rev:10 rq:842163 version:6.0.3.4 Changes: --- /work/SRC/openSUSE:Factory/rubygem-actionview-6.0/rubygem-actionview-6.0.changes 2020-09-14 12:29:38.901149157 +0200 +++ /work/SRC/openSUSE:Factory/.rubygem-actionview-6.0.new.3486/rubygem-actionview-6.0.changes 2020-10-18 16:34:38.512843870 +0200 @@ -1,0 +2,6 @@ +Fri Oct 16 15:10:32 UTC 2020 - Marcus Rueckert + +- update to version 6.0.3.4: CVE-2020-8264 (boo#1177521) + https://weblog.rubyonrails.org/2020/10/7/Rails-6-0-3-4-has-been-released/ + +--- Old: actionview-6.0.3.3.gem New: actionview-6.0.3.4.gem Other differences: -- ++ rubygem-actionview-6.0.spec ++ --- /var/tmp/diff_new_pack.0WBP2g/_old 2020-10-18 16:34:39.140844150 +0200 +++ /var/tmp/diff_new_pack.0WBP2g/_new 2020-10-18 16:34:39.144844151 +0200 @@ -24,7 +24,7 @@ # Name: rubygem-actionview-6.0 -Version:6.0.3.3 +Version:6.0.3.4 Release:0 %define mod_name actionview %define mod_full_name %{mod_name}-%{version} ++ actionview-6.0.3.3.gem -> actionview-6.0.3.4.gem ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md --- old/CHANGELOG.md2020-09-09 20:18:12.0 +0200 +++ new/CHANGELOG.md2020-10-07 18:48:21.0 +0200 
@@ -1,3 +1,8 @@ +## Rails 6.0.3.4 (October 07, 2020) ## + +* No changes. + + ## Rails 6.0.3.3 (September 09, 2020) ## * [CVE-2020-8185] Fix potential XSS vulnerability in the `translate`/`t` helper. Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_view/gem_version.rb new/lib/action_view/gem_version.rb --- old/lib/action_view/gem_version.rb 2020-09-09 20:18:12.0 +0200 +++ new/lib/action_view/gem_version.rb 2020-10-07 18:48:21.0 +0200 @@ -10,7 +10,7 @@ MAJOR = 6 MINOR = 0 TINY = 3 -PRE = "3" +PRE = "4" STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata2020-09-09 20:18:12.0 +0200 +++ new/metadata2020-10-07 18:48:21.0 +0200 @@ -1,14 +1,14 @@ --- !ruby/object:Gem::Specification name: actionview version: !ruby/object:Gem::Version - version: 6.0.3.3 + version: 6.0.3.4 platform: ruby authors: - David Heinemeier Hansson -autorequire: +autorequire: bindir: bin cert_chain: [] -date: 2020-09-09 00:00:00.0 Z +date: 2020-10-07 00:00:00.0 Z dependencies: - !ruby/object:Gem::Dependency name: activesupport @@ -16,14 +16,14 @@ requirements: - - '=' - !ruby/object:Gem::Version -version: 6.0.3.3 +version: 6.0.3.4 type: :runtime prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - '=' - !ruby/object:Gem::Version -version: 6.0.3.3 +version: 6.0.3.4 - !ruby/object:Gem::Dependency name: builder requirement: !ruby/object:Gem::Requirement 
@@ -92,28 +92,28 @@ requirements: - - '=' - !ruby/object:Gem::Version -version: 6.0.3.3 +version: 6.0.3.4 type: :development prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - '=' - !ruby/object:Gem::Version -version: 6.0.3.3 +version: 6.0.3.4 - !ruby/object:Gem::Dependency name: activemodel requirement: !ruby/object:Gem::Requirement requirements: - - '=' - !ruby/object:Gem::Version -version: 6.0.3.3 +version: 6.0.3.4 type: :development prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - '=' - !ruby/object:Gem::Version -version: 6.0.3.3 +version: 6.0.3.4 description: Simple, battle-tested conventions and helpers for building web pages. email: da...@loudthinking.com executables: [] @@ -236,11 +236,11 @@ - MIT metadata: bug_tracker_uri: https://github.com/rails/rails/issues - changelog_uri: https://github.com/rails/rails/blob/v6.0.3.3/actionview/CHANGELOG.md - documentation_uri: https://api.rubyonrails.org/v6.0.3.3/ +
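Review bot: The rubygem-actionview-6.0.changes entry files this update under CVE-2020-8264 (boo#1177521), but the CHANGELOG.md hunk for Rails 6.0.3.4 reads "No changes." and the only library change shown is PRE going from "3" to "4" in gem_version.rb. Suggest stating in the .changes entry that actionview carries no code fix in this release and is bumped because the metadata pins its Rails dependencies with '=' to the same version, so that someone auditing the CVE from the package changelog does not treat this package as the patched component.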
commit rubygem-actionview-6.0 for openSUSE:Factory
Hello community, here is the log from the commit of package rubygem-actionview-6.0 for openSUSE:Factory checked in at 2020-09-14 12:28:41 Comparing /work/SRC/openSUSE:Factory/rubygem-actionview-6.0 (Old) and /work/SRC/openSUSE:Factory/.rubygem-actionview-6.0.new.4249 (New) Package is "rubygem-actionview-6.0" Mon Sep 14 12:28:41 2020 rev:9 rq:833957 version:6.0.3.3 Changes: --- /work/SRC/openSUSE:Factory/rubygem-actionview-6.0/rubygem-actionview-6.0.changes 2020-06-25 15:11:08.850065543 +0200 +++ /work/SRC/openSUSE:Factory/.rubygem-actionview-6.0.new.4249/rubygem-actionview-6.0.changes 2020-09-14 12:29:38.901149157 +0200 @@ -1,0 +2,7 @@ +Sat Sep 12 11:59:04 UTC 2020 - Manuel Schnitzer + +- updated to version 6.0.3.3 + + * CVE-2020-8185: Fix potential XSS vulnerability in the `translate/t` helper (bsc#1173564) + +--- Old: actionview-6.0.3.2.gem New: actionview-6.0.3.3.gem Other differences: -- ++ rubygem-actionview-6.0.spec ++ --- /var/tmp/diff_new_pack.QyBzTP/_old 2020-09-14 12:29:39.845149760 +0200 +++ /var/tmp/diff_new_pack.QyBzTP/_new 2020-09-14 12:29:39.853149764 +0200 @@ -24,7 +24,7 @@ # Name: rubygem-actionview-6.0 -Version:6.0.3.2 +Version:6.0.3.3 Release:0 %define mod_name actionview %define mod_full_name %{mod_name}-%{version} ++ actionview-6.0.3.2.gem -> actionview-6.0.3.3.gem ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md --- old/CHANGELOG.md2020-06-17 16:52:56.0 +0200 +++ new/CHANGELOG.md2020-09-09 20:18:12.0 +0200 
@@ -1,3 +1,10 @@ +## Rails 6.0.3.3 (September 09, 2020) ## + +* [CVE-2020-8185] Fix potential XSS vulnerability in the `translate`/`t` helper. + +*Jonathan Hefner* + + ## Rails 6.0.3.2 (June 17, 2020) ## * No changes. Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_view/gem_version.rb new/lib/action_view/gem_version.rb --- old/lib/action_view/gem_version.rb 2020-06-17 16:52:56.0 +0200 +++ new/lib/action_view/gem_version.rb 2020-09-09 20:18:12.0 +0200 @@ -10,7 +10,7 @@ MAJOR = 6 MINOR = 0 TINY = 3 -PRE = "2" +PRE = "3" STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_view/helpers/translation_helper.rb new/lib/action_view/helpers/translation_helper.rb --- old/lib/action_view/helpers/translation_helper.rb 2020-06-17 16:52:56.0 +0200 +++ new/lib/action_view/helpers/translation_helper.rb 2020-09-09 20:18:12.0 +0200 @@ -76,13 +76,20 @@ if html_safe_translation_key?(key) html_safe_options = options.dup + options.except(*I18n::RESERVED_KEYS).each do |name, value| unless name == :count && value.is_a?(Numeric) html_safe_options[name] = ERB::Util.html_escape(value.to_s) end end + + html_safe_options[:default] = MISSING_TRANSLATION unless html_safe_options[:default].blank? + translation = I18n.translate(scope_key_by_partial(key), **html_safe_options.merge(raise: i18n_raise)) - if translation.respond_to?(:map) + + if translation.equal?(MISSING_TRANSLATION) +options[:default].first + elsif translation.respond_to?(:map) translation.map { |element| element.respond_to?(:html_safe) ? element.html_safe : element } else translation.respond_to?(:html_safe) ? translation.html_safe : translation 
@@ -121,6 +128,9 @@ alias :l :localize private +MISSING_TRANSLATION = Object.new +private_constant :MISSING_TRANSLATION + def scope_key_by_partial(key) stringified_key = key.to_s if stringified_key.first == "." diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata2020-06-17 16:52:56.0 +0200 +++ new/metadata2020-09-09 20:18:12.0 +0200 @@ -1,14 +1,14 @@ --- !ruby/object:Gem::Specification name: actionview version: !ruby/object:Gem::Version - version: 6.0.3.2 + version: 6.0.3.3 platform: ruby authors: - David Heinemeier Hansson -autorequire: +autorequire: bindir: bin cert_chain: [] -date: 2020-06-17 00:00:00.0 Z +date: 2020-09-09 00:00:00.0 Z dependencies: - !ruby/object:Gem::Dependency name: activesupport
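Review bot: In the translation_helper.rb hunk at -76,13, the new translation.equal?(MISSING_TRANSLATION) branch returns options[:default].first with no comment on why it bypasses the html_safe handling that the other two branches apply. This is the line that closes CVE-2020-8185, so a one-line comment saying the caller-supplied default is returned as given and deliberately not marked html_safe would keep a later cleanup from folding it back into the html_safe path. The .first call also assumes options[:default] is an Array at this point; that normalization is not visible in the hunk context, so it is worth confirming it happens earlier in the method.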
commit rubygem-actionview-6.0 for openSUSE:Factory
Hello community, here is the log from the commit of package rubygem-actionview-6.0 for openSUSE:Factory checked in at 2020-06-25 15:10:44 Comparing /work/SRC/openSUSE:Factory/rubygem-actionview-6.0 (Old) and /work/SRC/openSUSE:Factory/.rubygem-actionview-6.0.new.3060 (New) Package is "rubygem-actionview-6.0" Thu Jun 25 15:10:44 2020 rev:8 rq:817007 version:6.0.3.2 Changes: --- /work/SRC/openSUSE:Factory/rubygem-actionview-6.0/rubygem-actionview-6.0.changes 2020-05-28 09:18:56.541167389 +0200 +++ /work/SRC/openSUSE:Factory/.rubygem-actionview-6.0.new.3060/rubygem-actionview-6.0.changes 2020-06-25 15:11:08.850065543 +0200 @@ -1,0 +2,7 @@ +Thu Jun 25 09:39:22 UTC 2020 - Manuel Schnitzer + +- updated to version 6.0.3.2 + + * no changes + +--- Old: actionview-6.0.3.1.gem New: actionview-6.0.3.2.gem Other differences: -- ++ rubygem-actionview-6.0.spec ++ --- /var/tmp/diff_new_pack.z2w2WN/_old 2020-06-25 15:11:10.010069183 +0200 +++ /var/tmp/diff_new_pack.z2w2WN/_new 2020-06-25 15:11:10.010069183 +0200 @@ -24,7 +24,7 @@ # Name: rubygem-actionview-6.0 -Version:6.0.3.1 +Version:6.0.3.2 Release:0 %define mod_name actionview %define mod_full_name %{mod_name}-%{version} ++ actionview-6.0.3.1.gem -> actionview-6.0.3.2.gem ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md --- old/CHANGELOG.md2020-05-18 17:45:55.0 +0200 +++ new/CHANGELOG.md2020-06-17 16:52:56.0 +0200 
@@ -1,3 +1,8 @@ +## Rails 6.0.3.2 (June 17, 2020) ## + +* No changes. + + ## Rails 6.0.3.1 (May 18, 2020) ## * [CVE-2020-8167] Check that request is same-origin prior to including CSRF token in XHRs Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_view/gem_version.rb new/lib/action_view/gem_version.rb --- old/lib/action_view/gem_version.rb 2020-05-18 17:45:55.0 +0200 +++ new/lib/action_view/gem_version.rb 2020-06-17 16:52:56.0 +0200 @@ -10,7 +10,7 @@ MAJOR = 6 MINOR = 0 TINY = 3 -PRE = "1" +PRE = "2" STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata2020-05-18 17:45:55.0 +0200 +++ new/metadata2020-06-17 16:52:56.0 +0200 @@ -1,14 +1,14 @@ --- !ruby/object:Gem::Specification name: actionview version: !ruby/object:Gem::Version - version: 6.0.3.1 + version: 6.0.3.2 platform: ruby authors: - David Heinemeier Hansson -autorequire: +autorequire: bindir: bin cert_chain: [] -date: 2020-05-18 00:00:00.0 Z +date: 2020-06-17 00:00:00.0 Z dependencies: - !ruby/object:Gem::Dependency name: activesupport @@ -16,14 +16,14 @@ requirements: - - '=' - !ruby/object:Gem::Version -version: 6.0.3.1 +version: 6.0.3.2 type: :runtime prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - '=' - !ruby/object:Gem::Version -version: 6.0.3.1 +version: 6.0.3.2 - !ruby/object:Gem::Dependency name: builder requirement: !ruby/object:Gem::Requirement 
@@ -92,28 +92,28 @@ requirements: - - '=' - !ruby/object:Gem::Version -version: 6.0.3.1 +version: 6.0.3.2 type: :development prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - '=' - !ruby/object:Gem::Version -version: 6.0.3.1 +version: 6.0.3.2 - !ruby/object:Gem::Dependency name: activemodel requirement: !ruby/object:Gem::Requirement requirements: - - '=' - !ruby/object:Gem::Version -version: 6.0.3.1 +version: 6.0.3.2 type: :development prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - '=' - !ruby/object:Gem::Version -version: 6.0.3.1 +version: 6.0.3.2 description: Simple, battle-tested conventions and helpers for building web pages. email: da...@loudthinking.com executables: [] @@ -236,11 +236,11 @@ - MIT metadata: bug_tracker_uri: https://github.com/rails/rails/issues - changelog_uri: https://github.com/rails/rails/blob/v6.0.3.1/actionview/CHANGELOG.md - documentation_uri: https://api.rubyonrails.org/v6.0.3.1/ + changelog_uri: https://github.com/rails/rails/blob/v6.0.3.2/actionview/CHANGELOG.md +
commit rubygem-actionview-6.0 for openSUSE:Factory
Hello community, here is the log from the commit of package rubygem-actionview-6.0 for openSUSE:Factory checked in at 2020-05-28 09:18:56 Comparing /work/SRC/openSUSE:Factory/rubygem-actionview-6.0 (Old) and /work/SRC/openSUSE:Factory/.rubygem-actionview-6.0.new.3606 (New) Package is "rubygem-actionview-6.0" Thu May 28 09:18:56 2020 rev:7 rq:809483 version:6.0.3.1 Changes: --- /work/SRC/openSUSE:Factory/rubygem-actionview-6.0/rubygem-actionview-6.0.changes 2020-05-11 13:38:21.692741229 +0200 +++ /work/SRC/openSUSE:Factory/.rubygem-actionview-6.0.new.3606/rubygem-actionview-6.0.changes 2020-05-28 09:18:56.541167389 +0200 @@ -1,0 +2,7 @@ +Wed May 27 10:57:07 UTC 2020 - Manuel Schnitzer + +- updated to version 6.0.3.1 + + * CVE-2020-8167: Check that request is same-origin prior to including CSRF token in XHRs + +--- Old: actionview-6.0.3.gem New: actionview-6.0.3.1.gem Other differences: -- ++ rubygem-actionview-6.0.spec ++ --- /var/tmp/diff_new_pack.ZSaRaS/_old 2020-05-28 09:18:57.085168385 +0200 +++ /var/tmp/diff_new_pack.ZSaRaS/_new 2020-05-28 09:18:57.089168392 +0200 @@ -24,7 +24,7 @@ # Name: rubygem-actionview-6.0 -Version:6.0.3 +Version:6.0.3.1 Release:0 %define mod_name actionview %define mod_full_name %{mod_name}-%{version} ++ actionview-6.0.3.gem -> actionview-6.0.3.1.gem ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md --- old/CHANGELOG.md2020-05-06 20:00:05.0 +0200 +++ new/CHANGELOG.md2020-05-18 17:45:55.0 +0200 
@@ -1,3 +1,7 @@ +## Rails 6.0.3.1 (May 18, 2020) ## + +* [CVE-2020-8167] Check that request is same-origin prior to including CSRF token in XHRs + ## Rails 6.0.3 (May 06, 2020) ## * annotated_source_code returns an empty array so TemplateErrors without a Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_view/gem_version.rb new/lib/action_view/gem_version.rb --- old/lib/action_view/gem_version.rb 2020-05-06 20:00:05.0 +0200 +++ new/lib/action_view/gem_version.rb 2020-05-18 17:45:55.0 +0200 @@ -10,7 +10,7 @@ MAJOR = 6 MINOR = 0 TINY = 3 -PRE = nil +PRE = "1" STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/assets/compiled/rails-ujs.js new/lib/assets/compiled/rails-ujs.js --- old/lib/assets/compiled/rails-ujs.js2020-05-06 20:00:05.0 +0200 +++ new/lib/assets/compiled/rails-ujs.js2020-05-18 17:45:55.0 +0200 @@ -247,8 +247,8 @@ } if (!options.crossDomain) { xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest'); + CSRFProtection(xhr); } -CSRFProtection(xhr); xhr.withCredentials = !!options.withCredentials; xhr.onreadystatechange = function() { if (xhr.readyState === XMLHttpRequest.DONE) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata2020-05-06 20:00:05.0 +0200 +++ new/metadata2020-05-18 17:45:55.0 +0200 @@ -1,14 +1,14 @@ --- !ruby/object:Gem::Specification name: actionview version: !ruby/object:Gem::Version - version: 6.0.3 + version: 6.0.3.1 platform: ruby authors: - David Heinemeier Hansson autorequire: bindir: bin cert_chain: [] -date: 2020-05-06 00:00:00.0 Z +date: 2020-05-18 00:00:00.0 Z dependencies: - !ruby/object:Gem::Dependency name: activesupport 
@@ -16,14 +16,14 @@ requirements: - - '=' - !ruby/object:Gem::Version -version: 6.0.3 +version: 6.0.3.1 type: :runtime prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - '=' - !ruby/object:Gem::Version -version: 6.0.3 +version: 6.0.3.1 - !ruby/object:Gem::Dependency name: builder requirement: !ruby/object:Gem::Requirement @@ -92,28 +92,28 @@ requirements: - - '=' - !ruby/object:Gem::Version -version: 6.0.3 +version: 6.0.3.1 type: :development prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - '=' - !ruby/object:Gem::Version -version: 6.0.3 +version: 6.0.3.1 - !ruby/object:Gem::Dependency name: activemodel requirement: !ruby/object:Gem::Requirement
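Review bot: In the rails-ujs.js hunk at -247,8, the CSRF header now depends entirely on options.crossDomain being falsy, and nothing in the visible lines shows how that flag is set. An undefined value passes the !options.crossDomain test and still attaches the token, so the fix for CVE-2020-8167 only holds if crossDomain is always computed from the request URL before this block; a comment here naming where that happens would make the dependency explicit. Note also that the diff touches only lib/assets/compiled/rails-ujs.js, so reviewers of this package see the compiled output rather than the source the change was made in.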
commit rubygem-actionview-6.0 for openSUSE:Factory
Hello community, here is the log from the commit of package rubygem-actionview-6.0 for openSUSE:Factory checked in at 2020-05-11 13:38:17 Comparing /work/SRC/openSUSE:Factory/rubygem-actionview-6.0 (Old) and /work/SRC/openSUSE:Factory/.rubygem-actionview-6.0.new.2738 (New) Package is "rubygem-actionview-6.0" Mon May 11 13:38:17 2020 rev:6 rq:802314 version:6.0.3 Changes: --- /work/SRC/openSUSE:Factory/rubygem-actionview-6.0/rubygem-actionview-6.0.changes 2020-04-27 23:40:31.747775163 +0200 +++ /work/SRC/openSUSE:Factory/.rubygem-actionview-6.0.new.2738/rubygem-actionview-6.0.changes 2020-05-11 13:38:21.692741229 +0200 @@ -1,0 +2,26 @@ +Thu May 7 19:59:43 UTC 2020 - Stephan Kulow + +- updated to version 6.0.3 + see installed CHANGELOG.md + + ## Rails 6.0.3 (May 06, 2020) ## + + * annotated_source_code returns an empty array so TemplateErrors without a + template in the backtrace are surfaced properly by DebugExceptions. + + *Guilherme Mansur*, *Kasper Timm Hansen* + + * Add autoload for SyntaxErrorInTemplate so syntax errors are correctly raised by DebugExceptions. + + *Guilherme Mansur*, *Gannon McGibbon* + + + ## Rails 6.0.2.2 (March 19, 2020) ## + + * Fix possible XSS vector in escape_javascript helper + + CVE-2020-5267 + + *Aaron Patterson* + +--- Old: actionview-6.0.2.2.gem New: actionview-6.0.3.gem Other differences: -- ++ rubygem-actionview-6.0.spec ++ --- /var/tmp/diff_new_pack.jB37c8/_old 2020-05-11 13:38:22.472742864 +0200 +++ /var/tmp/diff_new_pack.jB37c8/_new 2020-05-11 13:38:22.476742873 +0200 @@ -24,7 +24,7 @@ # Name: rubygem-actionview-6.0 -Version:6.0.2.2 +Version:6.0.3 Release:0 %define mod_name actionview %define mod_full_name %{mod_name}-%{version} ++ actionview-6.0.2.2.gem -> actionview-6.0.3.gem ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md --- old/CHANGELOG.md2020-03-19 17:42:36.0 +0100 +++ new/CHANGELOG.md2020-05-06 20:00:05.0 +0200 
@@ -1,3 +1,24 @@ +## Rails 6.0.3 (May 06, 2020) ## + +* annotated_source_code returns an empty array so TemplateErrors without a +template in the backtrace are surfaced properly by DebugExceptions. + +*Guilherme Mansur*, *Kasper Timm Hansen* + +* Add autoload for SyntaxErrorInTemplate so syntax errors are correctly raised by DebugExceptions. + +*Guilherme Mansur*, *Gannon McGibbon* + + +## Rails 6.0.2.2 (March 19, 2020) ## + +* Fix possible XSS vector in escape_javascript helper + +CVE-2020-5267 + +*Aaron Patterson* + + ## Rails 6.0.2.1 (December 18, 2019) ## * No changes. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/README.rdoc new/README.rdoc --- old/README.rdoc 2020-03-19 17:42:36.0 +0100 +++ new/README.rdoc 2020-05-06 20:00:05.0 +0200 @@ -37,4 +37,4 @@ Feature requests should be discussed on the rails-core mailing list here: -* https://groups.google.com/forum/?fromgroups#!forum/rubyonrails-core +* https://discuss.rubyonrails.org/c/rubyonrails-core Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_view/cache_expiry.rb new/lib/action_view/cache_expiry.rb --- old/lib/action_view/cache_expiry.rb 2020-03-19 17:42:36.0 +0100 +++ new/lib/action_view/cache_expiry.rb 2020-05-06 20:00:05.0 +0200 @@ -41,7 +41,6 @@ end private - def dirs_to_watch fs_paths = all_view_paths.grep(FileSystemResolver) fs_paths.map(&:path).sort.uniq diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_view/flows.rb new/lib/action_view/flows.rb --- old/lib/action_view/flows.rb2020-03-19 17:42:36.0 +0100 +++ new/lib/action_view/flows.rb2020-05-06 20:00:05.0 +0200 
@@ -68,7 +68,6 @@ end private - def inside_fiber? Fiber.current.object_id != @root end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_view/gem_version.rb new/lib/action_view/gem_version.rb --- old/lib/action_view/gem_version.rb 2020-03-19 17:42:36.0 +0100 +++ new/lib/action_view/gem_version.rb 2020-05-06 20:00:05.0 +0200 @@ -9,8 +9,8 @@ module VERSION MAJOR = 6 MINOR = 0 -TINY = 2 -PRE = "2" +TINY = 3 +PRE = nil STRING = [MAJOR, MINOR, TINY,
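Review bot: The rubygem-actionview-6.0.changes entry for 6.0.3 also pastes the Rails 6.0.2.2 section, including "Fix possible XSS vector in escape_javascript helper" and CVE-2020-5267, although the old gem in this diff is already actionview-6.0.2.2.gem. Suggest trimming the entry to the two 6.0.3 items so the package changelog does not read as if CVE-2020-5267 was fixed by this update; tools that map CVE ids to package revisions from .changes text would otherwise pick up the later revision as well.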
commit rubygem-actionview-6.0 for openSUSE:Factory
Hello community, here is the log from the commit of package rubygem-actionview-6.0 for openSUSE:Factory checked in at 2020-04-27 23:40:21 Comparing /work/SRC/openSUSE:Factory/rubygem-actionview-6.0 (Old) and /work/SRC/openSUSE:Factory/.rubygem-actionview-6.0.new.2738 (New) Package is "rubygem-actionview-6.0" Mon Apr 27 23:40:21 2020 rev:5 rq:798220 version:6.0.2.2 Changes: --- /work/SRC/openSUSE:Factory/rubygem-actionview-6.0/rubygem-actionview-6.0.changes 2019-12-21 12:32:18.923389886 +0100 +++ /work/SRC/openSUSE:Factory/.rubygem-actionview-6.0.new.2738/rubygem-actionview-6.0.changes 2020-04-27 23:40:31.747775163 +0200 @@ -1,0 +2,10 @@ +Mon Apr 27 10:41:51 UTC 2020 - Manuel Schnitzer + +- updated to version 6.0.2.2 + + * Fix possible XSS vector in escape_javascript helper +(CVE-2020-5267, bsc#1167240) + +Aaron Patterson + +--- Old: actionview-6.0.2.1.gem New: actionview-6.0.2.2.gem Other differences: -- ++ rubygem-actionview-6.0.spec ++ --- /var/tmp/diff_new_pack.xfZsbO/_old 2020-04-27 23:40:32.331776302 +0200 +++ /var/tmp/diff_new_pack.xfZsbO/_new 2020-04-27 23:40:32.335776311 +0200 @@ -1,7 +1,7 @@ # # spec file for package rubygem-actionview-6.0 # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -24,7 +24,7 @@ # Name: rubygem-actionview-6.0 -Version:6.0.2.1 +Version:6.0.2.2 Release:0 %define mod_name actionview %define mod_full_name %{mod_name}-%{version} 
@@ -39,7 +39,7 @@ BuildRequires: %{ruby >= 2.5.0} BuildRequires: %{rubygem gem2rpm} BuildRequires: ruby-macros >= 5 -Url:https://rubyonrails.org +URL:https://rubyonrails.org Source: https://rubygems.org/gems/%{mod_full_name}.gem Source1:gem2rpm.yml Summary:Rendering framework putting the V in MVC (part of Rails) ++ actionview-6.0.2.1.gem -> actionview-6.0.2.2.gem ++ Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_view/gem_version.rb new/lib/action_view/gem_version.rb --- old/lib/action_view/gem_version.rb 2019-12-18 20:07:14.0 +0100 +++ new/lib/action_view/gem_version.rb 2020-03-19 17:42:36.0 +0100 @@ -10,7 +10,7 @@ MAJOR = 6 MINOR = 0 TINY = 2 -PRE = "1" +PRE = "2" STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_view/helpers/javascript_helper.rb new/lib/action_view/helpers/javascript_helper.rb --- old/lib/action_view/helpers/javascript_helper.rb2019-12-18 20:07:15.0 +0100 +++ new/lib/action_view/helpers/javascript_helper.rb2020-03-19 17:42:36.0 +0100 @@ -12,7 +12,9 @@ "\n"=> '\n', "\r"=> '\n', '"' => '\\"', -"'" => "\\'" +"'" => "\\'", +"`" => "\\`", +"$" => "\\$" } JS_ESCAPE_MAP[(+"\342\200\250").force_encoding(Encoding::UTF_8).encode!] = "" @@ -29,7 +31,7 @@ if javascript.empty? result = "" else - result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|\342\200\251|[\n\r"'])/u) { |match| JS_ESCAPE_MAP[match] } + result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|\342\200\251|[\n\r"']|[`]|[$])/u) { |match| JS_ESCAPE_MAP[match] } end javascript.html_safe? ? result.html_safe : result end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata2019-12-18 20:07:14.0 +0100 +++ new/metadata2020-03-19 17:42:36.0 +0100 
@@ -1,14 +1,14 @@ --- !ruby/object:Gem::Specification name: actionview version: !ruby/object:Gem::Version - version: 6.0.2.1 + version: 6.0.2.2 platform: ruby authors: - David Heinemeier Hansson autorequire: bindir: bin cert_chain: [] -date: 2019-12-18 00:00:00.0 Z +date: 2020-03-19 00:00:00.0 Z dependencies: - !ruby/object:Gem::Dependency name: activesupport @@ -16,14 +16,14 @@ requirements: - - '=' - !ruby/object:Gem::Version -version: 6.0.2.1 +version: 6.0.2.2 type: :runtime prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - '=' - !ruby/object:Gem::Version -
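Review bot: In the javascript_helper.rb hunks, JS_ESCAPE_MAP and the gsub pattern are extended separately and have to be kept in step by hand: a character the pattern matches without a map entry makes the block return nil, which gsub substitutes as an empty string and silently drops. Suggest a comment on the map saying every key must also appear in the pattern (or building the pattern from the map's keys), since the CVE-2020-5267 fix is exactly this kind of two-place edit. As a style point, the added single-character classes for the backtick and the dollar sign could be folded into the existing class that already holds \n, \r and the two quote characters.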
commit rubygem-actionview-6.0 for openSUSE:Factory
Hello community, here is the log from the commit of package rubygem-actionview-6.0 for openSUSE:Factory checked in at 2019-12-21 12:31:43 Comparing /work/SRC/openSUSE:Factory/rubygem-actionview-6.0 (Old) and /work/SRC/openSUSE:Factory/.rubygem-actionview-6.0.new.6675 (New) Package is "rubygem-actionview-6.0" Sat Dec 21 12:31:43 2019 rev:4 rq:758387 version:6.0.2.1 Changes: --- /work/SRC/openSUSE:Factory/rubygem-actionview-6.0/rubygem-actionview-6.0.changes 2019-12-14 12:23:52.151194885 +0100 +++ /work/SRC/openSUSE:Factory/.rubygem-actionview-6.0.new.6675/rubygem-actionview-6.0.changes 2019-12-21 12:32:18.923389886 +0100 @@ -1,0 +2,7 @@ +Fri Dec 20 04:21:15 UTC 2019 - Manuel Schnitzer + +- updated to version 6.0.2.1 + + * no changes + +--- Old: actionview-6.0.2.gem New: actionview-6.0.2.1.gem Other differences: -- ++ rubygem-actionview-6.0.spec ++ --- /var/tmp/diff_new_pack.Gypq2L/_old 2019-12-21 12:32:19.367390097 +0100 +++ /var/tmp/diff_new_pack.Gypq2L/_new 2019-12-21 12:32:19.371390099 +0100 @@ -24,7 +24,7 @@ # Name: rubygem-actionview-6.0 -Version:6.0.2 +Version:6.0.2.1 Release:0 %define mod_name actionview %define mod_full_name %{mod_name}-%{version} ++ actionview-6.0.2.gem -> actionview-6.0.2.1.gem ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md --- old/CHANGELOG.md2019-12-13 19:07:48.0 +0100 +++ new/CHANGELOG.md2019-12-18 20:07:14.0 +0100 @@ -1,3 +1,8 @@ +## Rails 6.0.2.1 (December 18, 2019) ## + +* No changes. + + ## Rails 6.0.2 (December 13, 2019) ## * No changes. Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_view/gem_version.rb new/lib/action_view/gem_version.rb --- old/lib/action_view/gem_version.rb 2019-12-13 19:07:48.0 +0100 +++ new/lib/action_view/gem_version.rb 2019-12-18 20:07:14.0 +0100 
@@ -10,7 +10,7 @@ MAJOR = 6 MINOR = 0 TINY = 2 -PRE = nil +PRE = "1" STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata2019-12-13 19:07:48.0 +0100 +++ new/metadata2019-12-18 20:07:14.0 +0100 @@ -1,14 +1,14 @@ --- !ruby/object:Gem::Specification name: actionview version: !ruby/object:Gem::Version - version: 6.0.2 + version: 6.0.2.1 platform: ruby authors: - David Heinemeier Hansson autorequire: bindir: bin cert_chain: [] -date: 2019-12-13 00:00:00.0 Z +date: 2019-12-18 00:00:00.0 Z dependencies: - !ruby/object:Gem::Dependency name: activesupport @@ -16,14 +16,14 @@ requirements: - - '=' - !ruby/object:Gem::Version -version: 6.0.2 +version: 6.0.2.1 type: :runtime prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - '=' - !ruby/object:Gem::Version -version: 6.0.2 +version: 6.0.2.1 - !ruby/object:Gem::Dependency name: builder requirement: !ruby/object:Gem::Requirement @@ -92,28 +92,28 @@ requirements: - - '=' - !ruby/object:Gem::Version -version: 6.0.2 +version: 6.0.2.1 type: :development prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - '=' - !ruby/object:Gem::Version -version: 6.0.2 +version: 6.0.2.1 - !ruby/object:Gem::Dependency name: activemodel requirement: !ruby/object:Gem::Requirement requirements: - - '=' - !ruby/object:Gem::Version -version: 6.0.2 +version: 6.0.2.1 type: :development prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - '=' - !ruby/object:Gem::Version -version: 6.0.2 +version: 6.0.2.1 description: Simple, battle-tested conventions and helpers for building web pages. email: da...@loudthinking.com executables: [] 
@@ -236,10 +236,10 @@ - MIT metadata: bug_tracker_uri: https://github.com/rails/rails/issues - changelog_uri: https://github.com/rails/rails/blob/v6.0.2/actionview/CHANGELOG.md - documentation_uri: https://api.rubyonrails.org/v6.0.2/ + changelog_uri: https://github.com/rails/rails/blob/v6.0.2.1/actionview/CHANGELOG.md + documentation_uri: https://api.rubyonrails.org/v6.0.2.1/ mailing_list_uri:
commit rubygem-actionview-6.0 for openSUSE:Factory
Hello community, here is the log from the commit of package rubygem-actionview-6.0 for openSUSE:Factory checked in at 2019-12-14 12:20:58 Comparing /work/SRC/openSUSE:Factory/rubygem-actionview-6.0 (Old) and /work/SRC/openSUSE:Factory/.rubygem-actionview-6.0.new.4691 (New) Package is "rubygem-actionview-6.0" Sat Dec 14 12:20:58 2019 rev:3 rq:756926 version:6.0.2 Changes: --- /work/SRC/openSUSE:Factory/rubygem-actionview-6.0/rubygem-actionview-6.0.changes 2019-11-13 13:25:13.203503493 +0100 +++ /work/SRC/openSUSE:Factory/.rubygem-actionview-6.0.new.4691/rubygem-actionview-6.0.changes 2019-12-14 12:23:52.151194885 +0100 @@ -1,0 +2,7 @@ +Sat Dec 14 00:03:14 UTC 2019 - Manuel Schnitzer + +- updated to version 6.0.2 + + * no changes + +--- Old: actionview-6.0.1.gem New: actionview-6.0.2.gem Other differences: -- ++ rubygem-actionview-6.0.spec ++ --- /var/tmp/diff_new_pack.xinO0x/_old 2019-12-14 12:23:52.607194816 +0100 +++ /var/tmp/diff_new_pack.xinO0x/_new 2019-12-14 12:23:52.607194816 +0100 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -24,7 +24,7 @@ # Name: rubygem-actionview-6.0 -Version:6.0.1 +Version:6.0.2 Release:0 %define mod_name actionview %define mod_full_name %{mod_name}-%{version} 
@@ -36,9 +36,9 @@ %endif # /MANUAL BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: ruby-macros >= 5 BuildRequires: %{ruby >= 2.5.0} BuildRequires: %{rubygem gem2rpm} +BuildRequires: ruby-macros >= 5 Url:https://rubyonrails.org Source: https://rubygems.org/gems/%{mod_full_name}.gem Source1:gem2rpm.yml ++ actionview-6.0.1.gem -> actionview-6.0.2.gem ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md --- old/CHANGELOG.md2019-11-05 15:37:43.0 +0100 +++ new/CHANGELOG.md2019-12-13 19:07:48.0 +0100 @@ -1,3 +1,8 @@ +## Rails 6.0.2 (December 13, 2019) ## + +* No changes. + + ## Rails 6.0.1 (November 5, 2019) ## * UJS avoids `Element.closest()` for IE 9 compatibility. @@ -44,6 +49,11 @@ *Edward Rudd* +* `ActionView::TemplateRender.render(file: )` now renders the file directly, +without using any handlers, using the new `Template::RawFile` class. + +*John Hawthorn*, *Cliff Pruitt* + ## Rails 6.0.0.beta3 (March 11, 2019) ## @@ -77,6 +87,11 @@ *Mark Edmondson* +* Single arity template handlers are deprecated. Template handlers must +now accept two parameters, the view object and the source for the view object. + +*tenderlove* + ## Rails 6.0.0.beta1 (January 18, 2019) ## Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_view/base.rb new/lib/action_view/base.rb --- old/lib/action_view/base.rb 2019-11-05 15:37:43.0 +0100 +++ new/lib/action_view/base.rb 2019-12-13 19:07:48.0 +0100 
@@ -281,7 +281,7 @@ ActiveSupport::Deprecation.warn <<~eowarn.squish ActionView::Base instances must implement `compiled_method_container` or use the class method `with_empty_template_cache` for constructing - an ActionView::Base instances that has an empty cache. + an ActionView::Base instance that has an empty cache. eowarn end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_view/gem_version.rb new/lib/action_view/gem_version.rb --- old/lib/action_view/gem_version.rb 2019-11-05 15:37:43.0 +0100 +++ new/lib/action_view/gem_version.rb 2019-12-13 19:07:48.0 +0100 @@ -9,7 +9,7 @@ module VERSION MAJOR = 6 MINOR = 0 -TINY = 1 +TINY = 2 PRE = nil STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata2019-11-05 15:37:43.0 +0100 +++ new/metadata2019-12-13 19:07:48.0 +0100 @@ -1,14 +1,14 @@ --- !ruby/object:Gem::Specification name: actionview version: !ruby/object:Gem::Version - version: 6.0.1 + version: 6.0.2 platform: ruby authors: - David Heinemeier Hansson autorequire: bindir: bin cert_chain: [] -date: 2019-11-05 00:00:00.0 Z
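Review bot: the CHANGELOG.md hunks at @@ -44,6 +49,11 @@ and @@ -77,6 +87,11 @@ add two behaviour notes to the sections of earlier releases (`render(file: )` now rendering the file without any handlers through `Template::RawFile`, and the deprecation of single arity template handlers), while the new 6.0.2 section and the package .changes entry both read "no changes". Someone auditing this update from the .changes entry alone will not learn that the shipped changelog gained these entries; the entry should say that the upstream changelog was backfilled, and should also mention the deprecation-message wording fix in lib/action_view/base.rb.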
commit rubygem-actionview-6.0 for openSUSE:Factory
Hello community, here is the log from the commit of package rubygem-actionview-6.0 for openSUSE:Factory checked in at 2019-11-13 13:25:03 Comparing /work/SRC/openSUSE:Factory/rubygem-actionview-6.0 (Old) and /work/SRC/openSUSE:Factory/.rubygem-actionview-6.0.new.2990 (New) Package is "rubygem-actionview-6.0" Wed Nov 13 13:25:03 2019 rev:2 rq:747683 version:6.0.1 Changes: --- /work/SRC/openSUSE:Factory/rubygem-actionview-6.0/rubygem-actionview-6.0.changes 2019-08-19 21:40:21.936302509 +0200 +++ /work/SRC/openSUSE:Factory/.rubygem-actionview-6.0.new.2990/rubygem-actionview-6.0.changes 2019-11-13 13:25:13.203503493 +0100 @@ -1,0 +2,9 @@ +Tue Nov 12 13:30:33 UTC 2019 - Manuel Schnitzer + +- updated to version 6.0.1 + + * UJS avoids `Element.closest()` for IE 9 compatibility. + + *George Claghorn* + +--- Old: actionview-6.0.0.gem New: actionview-6.0.1.gem Other differences: -- ++ rubygem-actionview-6.0.spec ++ --- /var/tmp/diff_new_pack.gr9h56/_old 2019-11-13 13:25:14.011504334 +0100 +++ /var/tmp/diff_new_pack.gr9h56/_new 2019-11-13 13:25:14.011504334 +0100 @@ -24,7 +24,7 @@ # Name: rubygem-actionview-6.0 -Version:6.0.0 +Version:6.0.1 Release:0 %define mod_name actionview %define mod_full_name %{mod_name}-%{version} ++ actionview-6.0.0.gem -> actionview-6.0.1.gem ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md --- old/CHANGELOG.md2019-08-16 19:58:57.0 +0200 +++ new/CHANGELOG.md2019-11-05 15:37:43.0 +0100 
@@ -1,3 +1,10 @@ +## Rails 6.0.1 (November 5, 2019) ## + +* UJS avoids `Element.closest()` for IE 9 compatibility. + +*George Claghorn* + + ## Rails 6.0.0 (August 16, 2019) ## * ActionView::Helpers::SanitizeHelper: support rails-html-sanitizer 1.1.0. Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_view/gem_version.rb new/lib/action_view/gem_version.rb --- old/lib/action_view/gem_version.rb 2019-08-16 19:58:57.0 +0200 +++ new/lib/action_view/gem_version.rb 2019-11-05 15:37:43.0 +0100 @@ -9,7 +9,7 @@ module VERSION MAJOR = 6 MINOR = 0 -TINY = 0 +TINY = 1 PRE = nil STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_view/helpers/form_tag_helper.rb new/lib/action_view/helpers/form_tag_helper.rb --- old/lib/action_view/helpers/form_tag_helper.rb 2019-08-16 19:58:57.0 +0200 +++ new/lib/action_view/helpers/form_tag_helper.rb 2019-11-05 15:37:44.0 +0100 @@ -166,6 +166,8 @@ # * :size - The number of visible characters that will fit in the input. # * :maxlength - The maximum number of characters that the browser will allow the user to enter. # * :placeholder - The text contained in the field by default which is removed when the field receives focus. + # If set to true, use a translation is found in the current I18n locale + # (through helpers.placeholders..). # * Any other key creates standard HTML attributes for the tag. # # Examples diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_view/helpers/tag_helper.rb new/lib/action_view/helpers/tag_helper.rb --- old/lib/action_view/helpers/tag_helper.rb 2019-08-16 19:58:57.0 +0200 +++ new/lib/action_view/helpers/tag_helper.rb 2019-11-05 15:37:44.0 +0100 
@@ -88,7 +88,7 @@ if value.is_a?(Array) value = escape ? safe_join(value, " ") : value.join(" ") else -value = escape ? ERB::Util.unwrapped_html_escape(value) : value.to_s.dup +value = escape ? ERB::Util.unwrapped_html_escape(value).dup : value.to_s.dup end value.gsub!('"', "") %(#{key}="#{value}") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/assets/compiled/rails-ujs.js new/lib/assets/compiled/rails-ujs.js --- old/lib/assets/compiled/rails-ujs.js2019-08-16 19:58:57.0 +0200 +++ new/lib/assets/compiled/rails-ujs.js2019-11-05 15:37:44.0 +0100 @@ -2,7 +2,7 @@ Unobtrusive JavaScript https://github.com/rails/rails/blob/master/actionview/app/assets/javascripts Released under the MIT license - */ + */; (function() { var context = this; @@ -320,7 +320,7 @@ if
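Review bot: in the tag_helper.rb hunk at @@ -88,7 +88,7 @@, the added `.dup` on the escape branch only makes sense together with the in-place `value.gsub!('"', "")` on the following line, and nothing in the hunk records that link. Add a short comment explaining that the copy protects a string the escape helper may hand back unchanged, or make the quote handling non-mutating with `value = value.gsub(...)`, so a later cleanup cannot drop the `.dup` and return to modifying the caller's attribute value. A regression test that passes a frozen attribute value through this path would pin the behaviour.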
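Review bot: the documentation added in the form_tag_helper.rb hunk at @@ -166,6 +166,8 @@ does not parse as written: "If set to true, use a translation is found in the current I18n locale". Suggest "If set to true, use the translation found in the current I18n locale", and check the lookup path on the next line, which appears here as `helpers.placeholders..` with its last two segments empty, so a reader cannot tell which key to define.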