-
Tue Aug 23 2016 Pavel Valena <pvalena@redhat.com> - 1:3.2.8-20
- Fix for CVE-2016-6316 cross-site scripting flaw in Action View
Resolves: rhbz#1365008
-
Tue Mar 08 2016 Vít Ondruch <vondruch@redhat.com> - 1:3.2.8-16
- Update the CVE-2016-2097 patch to the latest upstream version.
Related: CVE-2016-2097
- Update the CVE-2016-2098 patch to the latest upstream version.
Related: CVE-2016-2098
-
Wed Feb 24 2016 Vít Ondruch <vondruch@redhat.com> - 1:3.2.8-15
- Fix Directory traversal and information leak in Action View.
Resolves: CVE-2016-2097
- Fix code injection vulnerability.
Resolves: CVE-2016-2098
-
Tue Feb 23 2016 Vít Ondruch <vondruch@redhat.com> - 1:3.2.8-14
- Fix Timing attack vulnerability in Action Controller.
Resolves: CVE-2015-7576
- Fix Possible Object Leak and Denial of Service attack.
Resolves: CVE-2016-0751
- Fix Possible Information Leak Vulnerability.
Resolves: CVE-2016-0752
-
Wed May 14 2014 Vít Ondruch <vondruch@redhat.com> - 1:3.2.8-13
- Fixes for CVE-2014-0130
- Resolves: rhbz#1096086
-
Thu Feb 20 2014 Josef Stribny <jstribny@redhat.com> - 1:3.2.8-11
- Fix for CVE-2014-0082
- Resolves: rhbz#1065891
-
Tue Feb 18 2014 Josef Stribny <jstribny@redhat.com> - 1:3.2.8-10
- Fix for CVE-2014-0081
- Resolves: rhbz#1065891
-
Mon Feb 17 2014 Josef Stribny <jstribny@redhat.com> - 1:3.2.8-9
- Depend on scldevel(v8) virtual provide
- Resolves: rhbz#1065887
-
Tue Feb 11 2014 Vít Ondruch <vondruch@redhat.com> - 1:3.2.8-8
- Fix regression introduced by CVE-2013-6415.
- Resolves: rhbz#1038194
-
Tue Dec 03 2013 Vít Ondruch <vondruch@redhat.com> - 1:3.2.8-7
- Fix i18n missing translation XSS.
* rubygem-actionpack-3.2.16-CVE-2013-4491-Stop-using-i18ns-built-in-HTML-error-handling.patch
- Resolves: CVE-2013-4491
- Fix Action View DoS.
* rubygem-actionpack-3.2.16-CVE-2013-6414-Only-use-valid-mime-type-symbols-as-cache-keys.patch
- Resolves: CVE-2013-6414
- Fix number_to_currency XSS.
* rubygem-actionpack-3.2.16-CVE-2013-6415-Escape-the-unit-value-provided-to-number_to_currency.patch
- Resolves: CVE-2013-6415
- Fix unsafe query generation risk in Ruby on Rails (incomplete fix for
CVE-2013-0155) (CVE-2013-6417).
* rubygem-actionpack-3.2.16-CVE-2013-6417-Deep-Munge-the-parameters-for-GET-and-POST.patch
- Resolves: CVE-2013-6417