adding security notifications to CHANGELOGs

2026-01-10 07:08:08 -05:00 · 2012-05-31 10:23:39 -07:00
parent 71827489e9
commit 44aca7b295
2 changed files with 6 additions and 0 deletions
--- a/actionpack/CHANGELOG.md
+++ b/actionpack/CHANGELOG.md
@@ -21,6 +21,9 @@

 *   Fix the redirect when it receive blocks with arity of 1. Closes #5677

+*   Strip [nil] from parameters hash. Thanks to Ben Murphy for
+    reporting this! CVE-2012-2660
+
 ## Rails 3.2.3 (March 30, 2012) ##

 *   Allow to lazy load `default_form_builder` by passing a `String` instead of a constant. *Piotr Sarnacki*
--- a/activerecord/CHANGELOG.md
+++ b/activerecord/CHANGELOG.md
@@ -13,6 +13,9 @@

 *   Fix #5667. Preloading should ignore scoping.

+*   Predicate builder should not recurse for determining where columns.
+    Thanks to Ben Murphy for reporting this! CVE-2012-2661
+
 ## Rails 3.2.3 (March 30, 2012) ##

 *   Added find_or_create_by_{attribute}! dynamic method. *Andrew White*