Commit graph

15 commits

Author SHA1 Message Date
Jonne Haß
f2ce9fa17f * Fix CVE-2013-0269 by updating the gems json to 1.7.7 and multi_json to 1.5.1. [Read more](https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_YvCpLzL58)
* Additionally ensure can't affect us by bumping Rails to 3.2.12. [Read more](https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/AFBKNY7VSH8)
* And exclude CVE-2013-0262 and CVE-2013-0263 by updating rack to 1.4.5.
2013-02-11 20:51:02 +01:00
Jonne Haß
7134513b28 Fix XSS vulnerabilities caused by not escaping a user's name fields when loading it from JSON. #3948
From a quick look at the databases available to us, this was not actually used in the wild.
2013-02-01 22:20:31 +01:00
Florian Staudacher
b320e50236 bump Rails to 3.2.11
see:
http://weblog.rubyonrails.org/2013/1/8/Rails-3-2-11-3-1-10-3-0-19-and-2-3-15-have-been-released/
2013-01-09 00:09:07 +01:00
Jonne Haß
11f82c794e Bump to Rails 3.2.10 as per CVE-2012-5664
https://groups.google.com/group/rubyonrails-security/browse_thread/thread/c2353369fea8c53
2013-01-02 23:40:46 +01:00
Florian Staudacher
eea59b0918 Merge branch 'release/0.0.2.0'
Conflicts:
	Changelog.md
	config/defaults.yml
2012-11-20 19:11:48 +01:00
Jason Robinson
e974d2934f Always use basic Facebook Graph API to post messages, fixes public posts. Remove unnecessary Facebook opengraph config items 2012-11-02 00:23:33 +02:00
Florian Staudacher
e0d50c8522 bump version to 0.0.1.2 2012-10-24 19:54:37 +02:00
Jonne Haß
f0ef4a764e refactor script/server and associated stuff 2012-10-19 12:25:15 +02:00
Jonne Haß
3eb628c2a3 fix french javascript pluralization rule and add specs for locale loading 2012-10-09 22:36:30 +02:00
Jonne Haß
8493dfe86d post release version bump [ci skip] 2012-10-08 13:22:43 +02:00
Jonne Haß
1f9f0c2932 Changing release mode to true, hopefully the last commit ever violating the branching model. DO NOT BACKPORT THIS COMMIT TO DEVELOP 2012-10-07 15:08:21 +02:00
Jonne Haß
5c7a9c1ce6 Release cleanup, closes #3620
* remove un-/underused gems
* remove their associated files
* remove some parallel_tests leftovers
2012-09-30 22:26:23 +02:00
Jonne Haß
234b76a936 properly integrate asset_sync 2012-09-26 20:23:45 +02:00
Jonne Haß
ce728f6b7b add possibility to embed a resque worker into the unicorn process 2012-09-26 20:19:38 +02:00
Jonne Haß
2a4db54db9 New configuration system
* Throw away old system
* Add new system
* Add new example files
* Replace all calls
* add the most important docs
* Add Specs
* rename disable_ssl_requirement to require_ssl
* cloudfiles isn't used/called in our code
* since community_spotlight.list is only used as enable flag replace it with such one and remove all legacy and irrelevant codepaths around it
* die if session secret is unset and on heroku
* First basic infrastructure for version information
2012-09-26 20:19:37 +02:00