From 7ce44840026a866b30cf79ca0de4a998fec58904 Mon Sep 17 00:00:00 2001
From: Jonas Heinrich
Date: Wed, 17 Jun 2015 18:46:42 +0200
Subject: [PATCH 1/3] Adapt version to corresponding OpenProject core version.
---
 lib/open_project/version.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/open_project/version.rb b/lib/open_project/version.rb
index 51b4328736..e1477a4c01 100644
--- a/lib/open_project/version.rb
+++ b/lib/open_project/version.rb
@@ -34,7 +34,7 @@ module OpenProject
 MAJOR = 4
 MINOR = 0
- PATCH = 11
+ PATCH = 12
 TINY = PATCH # Redmine compat
 # Used by semver to define the special version (if any).
From 809de73e3ca38a586c646590cf935ad6c65f59a1 Mon Sep 17 00:00:00 2001
From: Jens Ulferts
Date: Tue, 23 Jun 2015 14:51:22 +0200
Subject: [PATCH 2/3] remove unsafe html_safe
---
 app/helpers/work_packages_helper.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/helpers/work_packages_helper.rb b/app/helpers/work_packages_helper.rb
index 22e13cc0e5..a858920751 100644
--- a/app/helpers/work_packages_helper.rb
+++ b/app/helpers/work_packages_helper.rb
@@ -242,7 +242,7 @@ module WorkPackagesHelper
 title << content_tag(:span, l(:description_sub_work_package), :class => "hidden-for-sighted")
 end
- issue_text = link_to(work_package.to_s.html_safe, work_package_path(work_package))
+ issue_text = link_to(work_package.to_s, work_package_path(work_package))
 end
 content_tag :tr, :class => css_classes.join(' ') do
From 87646af3fa3f7a62728fc3d7c6c63e412dde0dbe Mon Sep 17 00:00:00 2001
From: Jens Ulferts
Date: Wed, 22 Jul 2015 13:12:32 +0200
Subject: [PATCH 3/3] bump rack to 1.4.7 rack 1.4.6 contains a bug counting every multipart against the file multipart limit https://github.com/rack/rack/commit/bf5bd20c38a7b748da44ce7dbb04f3eb7b4e84ba
---
 Gemfile | 2 +-
 Gemfile.lock | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/Gemfile b/Gemfile
index 7b802ccbfe..1d5ea29bd7 100644
--- a/Gemfile
+++ b/Gemfile
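Review bot: In PATCH 2/3 (`app/helpers/work_packages_helper.rb`), the corrected `issue_text = link_to(work_package.to_s, work_package_path(work_package))` line carries neither a comment nor a spec, and the diffstat lists no test file, so nothing stops a later edit from marking the string `html_safe` again. `work_package.to_s` presumably contains user-entered text such as the subject (its definition is not in the hunk), which is why it has to reach `link_to` unmarked so the helper escapes it. I would add above the line `# to_s may contain user-supplied text; do not mark it html_safe, link_to escapes it`, plus a helper spec asserting that a subject containing `<` and `>` is rendered as entities inside the link. The enclosing method starts and ends outside the hunk, so any other branch that assigns `issue_text` and the strings pushed onto `title` should be checked for the same pattern.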
@@ -118,7 +118,7 @@ gem 'unicorn' # Gems we don't depend directly on, but specify here to make sure we don't use a vulnerable # version. Please add a link to a security advisory when adding a Gem here. -gem 'rack', '~>1.4.6' +gem 'rack', '~>1.4.7' gem 'i18n', '~> 0.6.8' # see https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998 diff --git a/Gemfile.lock b/Gemfile.lock index 677d15b2f9..5584770313 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -261,7 +261,7 @@ GEM railties (>= 3.1, < 5.0) rabl (0.9.3) activesupport (>= 2.3.14) - rack (1.4.6) + rack (1.4.7) rack-accept (0.4.5) rack (>= 0.4) rack-cache (1.2) @@ -458,7 +458,7 @@ DEPENDENCIES pry-stack_explorer quiet_assets rabl (= 0.9.3) - rack (~> 1.4.6) + rack (~> 1.4.7) rack-protection! rack-test (~> 0.6.2) rack_session_access