From 72fe5a79c22f26e3581c1c241425a332e829d45e Mon Sep 17 00:00:00 2001
From: Dennis Schubert
Date: Tue, 26 Jan 2016 14:59:33 +0100
Subject: [PATCH 1/2] Prepeare 0.5.6.3 hotfix-hotfix

---
 Changelog.md | 2 ++
 config/defaults.yml | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/Changelog.md b/Changelog.md
index a917cd788..aa6b06af6 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -1,3 +1,5 @@
+# 0.5.6.3
+
 # 0.5.6.2
 * Fix [CVE-2016-0751](https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc) - Possible Object Leak and Denial of Service attack in Action Pack
diff --git a/config/defaults.yml b/config/defaults.yml
index 50daf2f93..8648dae9c 100644
--- a/config/defaults.yml
+++ b/config/defaults.yml
@@ -4,7 +4,7 @@ defaults:
   version:
-    number: "0.5.6.2" # Do not touch unless doing a release, do not backport the version number that's in master
+    number: "0.5.6.3" # Do not touch unless doing a release, do not backport the version number that's in master
   heroku: false
   environment:
     url: "http://localhost:3000/"

From ad20bb052c87622aaea6e77dae615c0e7d6ee34c Mon Sep 17 00:00:00 2001
From: Dennis Schubert
Date: Tue, 26 Jan 2016 15:18:02 +0100
Subject: [PATCH 2/2] Fix include_root_in_json misuse

since it is no longer exposed for instances, our post_presenter failed hard.

---
 Changelog.md | 3 +++
 app/models/post.rb | 2 ++
 app/presenters/post_presenter.rb | 1 -
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/Changelog.md b/Changelog.md
index aa6b06af6..d6aef13cf 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -1,5 +1,8 @@
 # 0.5.6.3
+Fix evil regression caused by Active Model no longer exposing
+`include_root_in_json` in instances.
+
 # 0.5.6.2
 * Fix [CVE-2016-0751](https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc) - Possible Object Leak and Denial of Service attack in Action Pack
diff --git a/app/models/post.rb b/app/models/post.rb
index e59576085..da0461b89 100644
--- a/app/models/post.rb
+++ b/app/models/post.rb
@@ -3,6 +3,8 @@
 # the COPYRIGHT file.
 class Post < ActiveRecord::Base
+  self.include_root_in_json = false
+
   include ApplicationHelper
   include Diaspora::Federated::Shareable
diff --git a/app/presenters/post_presenter.rb b/app/presenters/post_presenter.rb
index b1df1a917..7eb4581bd 100644
--- a/app/presenters/post_presenter.rb
+++ b/app/presenters/post_presenter.rb
@@ -9,7 +9,6 @@ class PostPresenter < BasePresenter
   end

   def as_json(_options={})
-    @post.include_root_in_json = false
     @post.as_json(only: directly_retrieved_attributes).merge(non_directly_retrieved_attributes)
   end
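Review bot: The class-level `self.include_root_in_json = false` added to app/models/post.rb widens the scope of what used to be a per-instance setting made only inside PostPresenter#as_json: it now applies to every JSON serialization of Post (and, since this is a class attribute, presumably to its subclasses too), so any other caller that expected the root key gets a different output shape with no warning. The presenter hunk in app/presenters/post_presenter.rb now depends on that model-level setting implicitly; keeping the intent local would be a one-line change, `@post.as_json(only: directly_retrieved_attributes, root: false).merge(non_directly_retrieved_attributes)`, which produces the unwrapped hash whether or not the model attribute is set. Whichever is kept, the model line deserves a why-comment such as `# Active Model no longer exposes include_root_in_json on instances; presenters expect unwrapped JSON`, otherwise the next maintainer has no way to connect it to the presenter. The Post class body continues outside the hunk.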