Preparing for 3.2.18 release

actionpack/CHANGELOG.md

@@ -1,3 +1,16 @@
+## Rails 3.2.18 (May 6, 2014) ##
+
+*   Only accept actions without File::SEPARATOR in the name.
+
+    This will avoid directory traversal in implicit render.
+
+    Fixes: CVE-2014-0130
+
+    *Rafael Mendonça França*
+
+
+## Rails 3.2.17 (Feb 18, 2014) ##
+
 *   Use the reference for the mime type to get the format
 
     Fixes: CVE-2014-0082
@@ -6,6 +19,7 @@
 
     Fixes: CVE-2014-0081
 
+
 ## Rails 3.2.16 (Dec 12, 2013) ##
 
 *   Deep Munge the parameters for GET and POST Fixes CVE-2013-6417

actionpack/lib/action_pack/version.rb

@@ -2,7 +2,7 @@ module ActionPack
   module VERSION #:nodoc:
     MAJOR = 3
     MINOR = 2
-    TINY  = 17
+    TINY  = 18
     PRE   = nil
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')