rails-3.2 (3.2.19-1) unstable; urgency=medium

  * New upstream release. Contains fix for vulnerabilities in PostgreSQL
    database adapter.  [CVE-2014-3482] [CVE-2014-3483]

 -- Antonio Terceiro <terceiro@debian.org>  Thu, 17 Jul 2014 14:38:24 -0300

rails-3.2 (3.2.18-1) unstable; urgency=medium

  * New upstream release.
    + Contains fix for [CVE-2014-0130] Directory Traversal Vulnerability With
      Certain Route Configurations (Closes: #747382)

 -- Antonio Terceiro <terceiro@debian.org>  Sat, 10 May 2014 15:11:11 -0300

rails-3.2 (3.2.17-3) unstable; urgency=medium

  * railties: relax dependency on rdoc from ~> 3.4 to >= 3.4
    - this will make rails work with newer interpreters (e.g. Ruby 2.0
      provides rdoc 4.0.0)

 -- Antonio Terceiro <terceiro@debian.org>  Sat, 29 Mar 2014 14:27:24 -0300

rails-3.2 (3.2.17-2) unstable; urgency=medium

  * Drop Provides|Conflicts|Replaces against unversioned packages
    (ruby-activerecord, ruby-actionpack etc). There is no reason for the
    binaries in this package to avoid the empty dependency packages from
    src:rails.

 -- Antonio Terceiro <terceiro@debian.org>  Fri, 28 Mar 2014 11:19:33 -0300

rails-3.2 (3.2.17-1) unstable; urgency=medium

  * New upstream release. Includes fixes for the following security issues:
    - XSS Vulnerability in number_to_currency, number_to_percentage and
      number_to_human [CVE-2014-0081]
    - Denial of Service Vulnerability in Action View when using render :text
      [CVE-2014-0082]
  * make ruby-activesupport-3.2 depend on ruby-test-unit since the patch
    changing test-unit to minitest was dropped (Closes: #733423, #738747)
  * ruby-rails-3.2: add ruby-uglifier to Recommends:
  * ruby-rails-3.2: add dependency on rubygems-integration

 -- Antonio Terceiro <terceiro@debian.org>  Mon, 17 Feb 2014 11:16:11 -0300

rails-3.2 (3.2.16-3+0) unstable; urgency=medium

  [ Ondřej Surý ]
  * Repack rails-3.2 based on the rails-4.0 packaging
    + Ignore all test results (for now)
  * New upstream version 3.2.16, fixes:
    + [CVE-2013-6417] Incomplete fix to CVE-2013-0155 (Unsafe Query
      Generation Risk)
    + [CVE-2013-4491] Reflective XSS Vulnerability in Ruby on Rails
    + [CVE-2013-6415] XSS Vulnerability in number_to_currency
    + [CVE-2013-6414] Denial of Service Vulnerability in Action View

  [ Antonio Terceiro ]
  * This source package includes all of the Rails components and supersedes
    the ones in the following individual packages:
    - rails3
    - ruby-actionmailer-3.2
    - ruby-actionpack-3.2
    - ruby-activemodel-3.2
    - ruby-activerecord-3.2
    - ruby-activeresource-3.2
    - ruby-activesupport-3.2
    - ruby-rails-3.2
    - ruby-railties-3.2
  * Changes with regards to current packages:
    - a basic as-installed test suite was added in debian/tests. Right now we
      will know when some dependency breaks the very basic use case of a new
      rails app, and as it evolves we will also catch more subtle problems.
    - Some dependencies were relaxed so they can be satisfied by packages in
      the archive which are newer than they were when rails 3 was released.
    - ruby-rails-3.2 now recommends packages needed to run the empty
      application created by `rails new`

 -- Ondřej Surý <ondrej@debian.org>  Wed, 04 Dec 2013 11:13:41 +0100
