OHR Support:6d87b8b297e21f9901852eaf36b8f479b309c1ac commitshttps://ohwr.org/project/ohr-support/commits/6d87b8b297e21f9901852eaf36b8f479b309c1ac2013-01-06T22:50:32Zhttps://ohwr.org/project/ohr-support/commit/6d87b8b297e21f9901852eaf36b8f479b309c1acSQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664) #11952013-01-06T22:50:32ZHolger Justhjust@meine-er.dehttps://ohwr.org/project/ohr-support/commit/bd509a40084d7092c514d8a053fcb6bd8683722cBump version to 2.7.32012-06-13T08:29:12ZHolger Justhjust@meine-er.dehttps://ohwr.org/project/ohr-support/commit/b0ec4c140d3de40f38987a68533de6f055f46856Update changelog for v2.7.32012-06-13T08:28:55ZHolger Justhjust@meine-er.dehttps://ohwr.org/project/ohr-support/commit/e178f1ce9c9999ebd7f8f16dbfc996badd961c83Fix SQL injection via nested hashes in conditions. CVE-2012-2695 #10372012-06-13T08:27:30ZHolger Justhjust@meine-er.dehttps://ohwr.org/project/ohr-support/commit/c3d3bec47f42fb375c5a99e23afae6a52bab5938Fix SQL injection via nested hashes in conditions (CVE-2012-2694) #10362012-06-13T08:27:21ZHolger Justhjust@meine-er.dehttps://ohwr.org/project/ohr-support/commit/8d56d32774bdcc7e2b75d32ad3a25533f36c21b3Bump to 2.7.22012-06-09T16:17:46ZHolger Justhjust@meine-er.dehttps://ohwr.org/project/ohr-support/commit/44564405351c1a55e60b7102ad8eddec6e629c7eUpdate changelog for v2.7.22012-06-09T16:17:14ZHolger Justhjust@meine-er.dehttps://ohwr.org/project/ohr-support/commit/f959b9bdb98fa5cfd1311c366bf1dafab6c2dc2c[#1025] Fix Rails vulnerability (CVE-2012-2660)2012-06-09T16:03:41ZHolger Justhjust@meine-er.dehttps://ohwr.org/project/ohr-support/commit/9d32e68ec05f965b7929dc410ee53f4f0bfd1ed2Bump version to 2.7.12012-04-04T12:09:08ZHolger Justh.just@finn.dehttps://ohwr.org/project/ohr-support/commit/80289c5a70ab3b08e4f2806689e6271b35036d67Set user_id as a protected attribute (#922).2012-04-04T12:06:01ZJean-Philippe Langjp_lang@yahoo.frhttps://ohwr.org/project/ohr-support/commit/902c624b4763a8cce69b3f3869e210dd86f48d6cPrevent mass-assignment vulnerability when adding/updating a wiki (#922).2012-04-04T12:06:00ZJean-Philippe Langjp_lang@yahoo.frhttps://ohwr.org/project/ohr-support/commit/aee7d7315b7b35d1152b33381e6f1dc8d273ea7bPrevent mass-assignment vulnerability when adding/updating a version (#922).2012-04-04T12:05:41ZJean-Philippe Langjp_lang@yahoo.frhttps://ohwr.org/project/ohr-support/commit/1f108174445bb0363c1bede9a12f6290168246faPrevent mass-assignment vulnerability when adding/updating a time entry (#922).2012-04-04T11:39:37ZJean-Philippe Langjp_lang@yahoo.frhttps://ohwr.org/project/ohr-support/commit/ea3ff66b8e755880ec6bafc94526a4903c679c9dUse safe_attributes= just like in #create. (#922)2012-04-04T11:39:37ZJean-Philippe Langjp_lang@yahoo.frhttps://ohwr.org/project/ohr-support/commit/ee99b2de03960f547688605702edbdb1e262f0a4Prevent mass-assignment vulnerability when adding/updating a news (#922).2012-04-04T11:39:37ZJean-Philippe Langjp_lang@yahoo.frhttps://ohwr.org/project/ohr-support/commit/4c322d379e3792895daf661fd1714595aadec034Prevent mass-assignment vulnerability when adding/updating a forum message (#...2012-04-04T11:39:36ZJean-Philippe Langjp_lang@yahoo.frhttps://ohwr.org/project/ohr-support/commit/f12b9fca08ab015037182bae94106ca70105771dPrevent mass-assignment vulnerability when adding a project member (#922).2012-04-04T11:39:36ZJean-Philippe Langjp_lang@yahoo.frhttps://ohwr.org/project/ohr-support/commit/296b3173ef01227232b9ea9d67404bf8e5e571f8Prevent mass-assignment vulnerability when adding/updating an issue category ...2012-04-04T11:39:20ZJean-Philippe Langjp_lang@yahoo.frhttps://ohwr.org/project/ohr-support/commit/c651ba1a98ad09c4d60dc8f3065c181dfa8a4bd4Prevent mass-assignment vulnerability when adding/updating a document (#922).2012-04-04T11:30:21ZJean-Philippe Langjp_lang@yahoo.fr
Conflicts:
app/controllers/documents_controller.rbhttps://ohwr.org/project/ohr-support/commit/ad996d7839ef29c608df67e2b3c56f6b8f6feb70Merge branch 'release-v2.7.0' into stable2012-02-06T22:40:10ZHolger Justhjust@meine-er.dehttps://ohwr.org/project/ohr-support/commit/608fd61138257663bbfd3723db5cc0c80842b13fBump version to 2.7.02012-02-06T22:36:58ZHolger Justhjust@meine-er.dehttps://ohwr.org/project/ohr-support/commit/a059cb489286ef16dda416b5d68bf1e0c152ef26Update changelog for 2.7.0 release2012-02-06T22:36:29ZHolger Justhjust@meine-er.dehttps://ohwr.org/project/ohr-support/commit/aa5be5132dd57cb6f58b021c6c9f9e4f2baed1e1[#593] Generate wiki content notifications in the JournalObserver - backporte...2012-02-06T21:54:53ZHolger Justh.just@finn.de
This will prevent the usage of the wrong wiki_content status.
The code is not overly pretty and deserves a thorough refactoring, but at
least it solves the problem at hand.https://ohwr.org/project/ohr-support/commit/6fd9bc490f063a36f9aa673059195a9779dffd5f[#849 #789] Remove config.ru - Backport for 2.72012-02-06T21:50:38ZHolger Justhjust@meine-er.de
Rails 2.3 doesn't work well as a rack-only apphttps://ohwr.org/project/ohr-support/commit/f417996ff0542efe7f35e4aa8a8a3cade6eed1cf[#839] Remove ruby-debug dependency - Backport for 2.72012-02-06T21:50:10ZHolger Justhjust@meine-er.de
It completely breaks on Ruby 1.9.3-p0. This is a stopper for people installing all groups. For the rest it is rarely used at all. Developers and testers requiring it can include it into their Gemfile.localhttps://ohwr.org/project/ohr-support/commit/43afcde38dc0ba601d1d2c912a7abc576aed2f9b[#875] Fix typo2012-02-01T16:26:07ZHolger Justhjust@meine-er.dehttps://ohwr.org/project/ohr-support/commit/58435c82e4aca27889b2bcfe3dbf91f6800a8a66[#775] Remove noisy journals on Attachments and Messages2012-01-31T15:03:01ZHolger Justh.just@finn.dehttps://ohwr.org/project/ohr-support/commit/01fefe8d3b275267dca52ef414252e5d036682ae[#775] Don't create a new journal on parent message on reply2012-01-31T15:02:56ZHolger Justh.just@finn.dehttps://ohwr.org/project/ohr-support/commit/fb595ec7f9220e93ef903f223d87128babaf7bca[#775] Don't create a new journal on Attachment#increment_download2012-01-31T15:02:49ZHolger Justh.just@finn.dehttps://ohwr.org/project/ohr-support/commit/11b441f7453a11de8acdd5b734324ae2fd892e05Load Gemfiles from vendor/chiliproject_plugins2012-01-11T11:02:25ZHolger Justhjust@meine-er.dehttps://ohwr.org/project/ohr-support/commit/cd0ea44ff8dcc1a931c9ed54860d786f97304605[#822] Provide a default log_encoding even if the db column is not present yet2012-01-10T17:32:38ZHolger Justhjust@meine-er.dehttps://ohwr.org/project/ohr-support/commit/4c0b1953807e3ce8a652b2328bdd9ceb3dcfd546[#819] set RAILS_ENV if only RACK_ENV is provided2012-01-05T23:56:57ZHolger Justh.just@finn.dehttps://ohwr.org/project/ohr-support/commit/ec9352dffe0ba52d9f87fd6e3e5cdb9d509acc57Merge branch 'release-v2.6.0' into stable2012-01-03T19:48:31ZHolger Justh.just@finn.dehttps://ohwr.org/project/ohr-support/commit/939fd0b9fa97060afe6b8bf8887b783bf5f9968fBump version to 2.6.02012-01-03T19:46:58ZHolger Justh.just@finn.dehttps://ohwr.org/project/ohr-support/commit/4d4b5b6642a720ac1ce7903d730f83617fbf962aUpdate changelog for 2.6.0 release2012-01-03T19:45:16ZHolger Justh.just@finn.dehttps://ohwr.org/project/ohr-support/commit/7ef1c41aa0ff17c67106b70c3f627630b7810ddeForce source encoding to UTF-82012-01-03T19:43:42ZHolger Justh.just@finn.dehttps://ohwr.org/project/ohr-support/commit/4577e54f046c95be4c987c15b8f24c786f63bfffFix trailing whitespace2012-01-03T19:43:08ZHolger Justh.just@finn.dehttps://ohwr.org/project/ohr-support/commit/e95b4992e4144658a44c86dcbecd474f2d39fb47Update copyright for 20122012-01-03T19:36:40ZHolger Justh.just@finn.de
We programmers have a nice new years tradition: We revisit all of our
projects and add 1 to a small number near a "(c)".
-- Volker Dusch
<a href="https://twitter.com/__edorian/status/153801913442373633" rel="nofollow noreferrer noopener" target="_blank">https://twitter.com/__edorian/status/153801913442373633</a>https://ohwr.org/project/ohr-support/commit/f90d0fd775805ab2c8fc7cbb6ab7ec1e8ac32da9Update locales2012-01-03T19:29:25ZHolger Justh.just@finn.dehttps://ohwr.org/project/ohr-support/commit/0f0e42448a20e5e51164fdf5265fc2d2d43ade6fOverwrite compact on child class of Array to not return an instance of Array2012-01-03T18:45:38ZHolger Justh.just@finn.de
This is necessary because in Ruby 1.9.3, the behavior of an internal dup of
the array (rb_ary_dup) was changed to always return an array instance, not
an instance of the actual class which it was working on.
Why can't people just stick to what works but instead try to have special
snowflakes everywhere? </rant>