This release closes a JSON XSS vulnerability, fixes a couple of minor
regressions introduced in 1.2.4, and backports a handful of features
and fixes from the 2.0 preview release.
All users of Rails 1.2.4 or earlier are advised to upgrade to 1.2.5,
though it isn''t strictly necessary if you aren''t working with
JSON.
For more information the JSON vulnerability, see CVE-2007-3227.
Summary of changes:
* acts_as_list: fixed an edge case where removing an item from the
list then destroying the item leads to incorrect item positioning
* deprecated calling .create on has_many associations with an unsaved
owner (like post = Post.new; post.comments.create)
* backport array and hash query parameters
* fix in place editor''s setter action with non-string fields
* updated config/boot.rb to correctly recognize RAILS_GEM_VERSION
To upgrade, `gem install rails`, set RAILS_GEM_VERSION to
''1.2.5'' in
config/environment.rb, and `rake rails:update:configs`.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---