Cesy
744caef4f2
Merge pull request #806 from CloCkWeRX/bump_ruby_2_1_6
...
Upgrade to ruby 2.1.6 for CVE-2015-1855
2015-08-13 09:06:48 +01:00
Daniel O'Connor
5cac8743f8
Upgrade to ruby 2.1.6 for CVE-2015-1855: Ruby OpenSSL Hostname Verification
2015-08-13 15:06:56 +10:00
pozorvlak
9c4d83dad3
Merge pull request #801 from CloCkWeRX/fix_cve_2015_2963
...
Fix CVE-2015-2963, CVE-2015-3448, CVE-2015-1820 & CVE-2015-1840
2015-08-12 17:08:27 +01:00
Daniel O'Connor
cafd49c143
Name: jquery-rails
...
Version: 3.1.2
Advisory: CVE-2015-1840
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/XIZPbobuwaY
Title: CSRF Vulnerability in jquery-ujs and jquery-rails
Solution: upgrade to >= 4.0.4, ~> 3.1.3
2015-08-12 16:59:14 +09:30
Daniel O'Connor
7c7c66348c
Name: rest-client
...
Version: 1.7.2
Advisory: CVE-2015-3448
Criticality: Unknown
URL: http://www.osvdb.org/show/osvdb/117461
Title: Rest-Client Gem for Ruby logs password information in plaintext
Solution: upgrade to >= 1.7.3
Name: rest-client
Version: 1.7.2
Advisory: CVE-2015-1820
Criticality: Unknown
URL: https://github.com/rest-client/rest-client/issues/369
Title: rubygem-rest-client: session fixation vulnerability via Set-Cookie headers in 30x redirection responses
Solution: upgrade to >= 1.8.0
2015-08-12 16:57:58 +09:30
Daniel O'Connor
00ae4ed49f
Name: paperclip
...
Version: 4.2.1
Advisory: CVE-2015-2963
Criticality: Medium
URL: https://robots.thoughtbot.com/paperclip-security-release
Title: Paperclip Gem for Ruby vulnerable to content type spoofing
Solution: upgrade to >= 4.2.2
2015-08-12 16:23:48 +09:30
Cesy
12a1484a26
Merge pull request #800 from CloCkWeRX/fix_all_checkbox_labels
...
Fix more checkbox labels in registration and email editing
2015-08-11 09:51:05 +01:00
Cesy
5bacdb71cc
Merge pull request #798 from CloCkWeRX/cve-2015-3226
...
Minor rails version upgrade to apply security fixes
2015-08-11 08:23:58 +01:00
Cesy
6565e79057
Merge pull request #797 from CloCkWeRX/minor_usability_checkbox_login
...
Style checkbox for 'remember me'
2015-08-11 08:21:39 +01:00
Cesy
f4e53a58de
Merge pull request #799 from CloCkWeRX/patch-1
...
Update CONTRIBUTORS.md
2015-08-11 08:17:38 +01:00
Daniel O'Connor
97cf1347d5
Fix clickable area for checkboxes in email editing
2015-08-11 13:45:47 +09:30
Daniel O'Connor
367e298d48
Fix clickable area for checkboxes in registration
2015-08-11 13:44:17 +09:30
Daniel O'Connor
e765387e22
Update CONTRIBUTORS.md
2015-08-11 10:31:43 +09:30
Daniel O'Connor
7b30c4237b
Name: activesupport
...
Version: 4.1.9
Advisory: CVE-2015-3227
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bahr2JLnxvk
Title: Possible Denial of Service attack in Active Support
Solution: upgrade to >= 4.2.2, ~> 4.1.11, ~> 3.2.22
Name: activesupport
Version: 4.1.9
Advisory: CVE-2015-3226
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/7VlB_pck3hU
Title: XSS Vulnerability in ActiveSupport::JSON.encode
Solution: upgrade to >= 4.2.2, ~> 4.1.11
2015-08-11 10:28:07 +09:30
Daniel O'Connor
b788cb44ef
Remember that we're working in haml, not slim.
2015-08-11 10:23:50 +09:30
Daniel O'Connor
f61e2438e8
Style checkbox for 'remember me' and allow it to be clickable (minor usability/mobile UI annoyance)
2015-08-10 16:08:09 +09:30
pozorvlak
e503b1079d
Merge pull request #796 from cesy/issue677
...
Fix #677 by adding organic/GMO/heirloom to CSV and RSS
2015-08-06 14:54:10 +01:00
pozorvlak
ccca343959
Merge pull request #795 from cesy/issue788
...
Fix issue #788 with uncaught nil
2015-08-06 14:46:53 +01:00
pozorvlak
63de10efd4
Merge pull request #794 from Growstuff/revert-793-revert-790-homepagetests
...
Fixing #790 properly - caching posts on homepage
2015-08-06 14:30:04 +01:00
Cesy
17c5fd61a3
Fix #677 by adding organic/GMO/heirloom to CSV and RSS
2015-08-06 12:23:00 +00:00
Cesy
44b8500fa8
Fix issue #788 with uncaught nil
2015-08-06 12:12:29 +00:00
Cesy
5a12b47c7c
Revert "Revert "Fixing relative caching of post summary on homepage, fixed #789 ""
2015-08-06 12:37:59 +01:00
Cesy
3db13785a1
Merge pull request #792 from cesy/removing775
...
Revert "Merge pull request #775 from pozorvlak/speed_up_homepage"
2015-08-06 12:37:35 +01:00
Cesy
69d94f7deb
Merge pull request #793 from Growstuff/revert-790-homepagetests
...
Revert "Fixing relative caching of post summary on homepage, fixed #789 " that wasn't ready to merge yet
2015-08-06 12:36:54 +01:00
Cesy
1ec188c793
Revert "Fixing relative caching of post summary on homepage, fixed #789 "
2015-08-06 12:36:21 +01:00
Cesy
438b2444df
Merge pull request #790 from cesy/homepagetests
...
Fixing relative caching of post summary on homepage, fixed #789
2015-08-06 12:34:15 +01:00
Cesy
de981689fc
Revert "Merge pull request #775 from pozorvlak/speed_up_homepage"
...
This reverts commit fa50ff47bb, reversing
changes made to 5b19d236d0.
Once fixed, please read https://www.kernel.org/pub/software/scm/git/docs/howto/revert-a-faulty-merge.html carefully to get it back in properly.
2015-08-06 10:56:46 +00:00
Cesy
0681fac406
Correcting view test for posts
2015-08-06 09:51:14 +00:00
Cesy
9682300b85
Merge pull request #785 from sha1sum/notification_pagination
...
Resolved #562 - Pagination of notifications.
2015-08-06 10:40:02 +01:00
Cesy
6f95f1fecf
Clarifying comment
2015-08-06 09:20:06 +00:00
Cesy
43fe29f113
Fixing relative caching of post summary on homepage, fixed #789
2015-08-06 09:18:32 +00:00
Cesy
fa50ff47bb
Merge pull request #775 from pozorvlak/speed_up_homepage
...
Speed up homepage by calculating "interesting" things more efficiently
2015-08-05 19:18:56 +01:00
Cesy
5b19d236d0
Merge pull request #783 from pozorvlak/remove_last_count_calls
...
Replace the last few .count and .length calls with .size where possible
2015-08-05 18:57:04 +01:00
Cesy
cad2c90a4f
Merge pull request #784 from pozorvlak/fail_noisily_if_no_secret
...
Check existence of secret token before using it.
2015-08-05 16:03:31 +01:00
Anthony Atkinson
919c25ca67
Fixing notifications index view spec to be compatible with new Kaminari pagination.
2015-08-01 11:58:13 -04:00
Anthony Atkinson
29f3cc3238
Updating new test additions and edits to features/harvests with Rspec3 Ruby2 syntax.
2015-08-01 11:39:51 -04:00
Anthony Atkinson
bc9a025788
Merge branch 'dev' into notification_pagination
2015-08-01 11:38:01 -04:00
Anthony Atkinson
a593aa2a4b
Merge remote-tracking branch 'upstream/dev' into dev
2015-08-01 11:37:01 -04:00
pozorvlak
de63fdc952
Merge pull request #786 from sha1sum/open_service_in_footer
...
Resolves #617 - Open Service graphic link in footer
2015-07-28 22:00:19 +01:00
Anthony Atkinson
a2eb568eac
Merge remote-tracking branch 'upstream/master' into dev
2015-07-25 14:09:06 -04:00
Anthony Atkinson
9d62c012f1
Resolves #617 - Open Service graphic link in footer
2015-07-25 13:34:16 -04:00
Anthony Atkinson
cbb50df8d0
Resolved #562 - Pagination of notifications.
2015-07-25 13:18:30 -04:00
Miles Gould
91a128ae7e
Check existence of secret token before using it.
...
People were forgetting to create config/environment.yml, which meant
that RAILS_SECRET_TOKEN wasn't being set, which meant that all tests
involving notifications failed. Unfortunately, the resulting wall of
error messages (https://gist.github.com/sha1sum/5debae6b700ff8fc0c76)
did not make the root cause remotely clear, leading to much confusion
and head-scratching all round.
This commit checks for the existence of RAILS_SECRET_TOKEN and fails
with an informative error message if it's missing.
2015-07-24 15:16:31 +01:00
Miles Gould
d9dd797c33
Merge branch 'pr/782' into dev
2015-07-24 11:09:35 +01:00
Miles Gould
f970fc4db2
Fix another whitespace problem.
2015-07-24 11:09:22 +01:00
Miles Gould
8873986562
Merge branch 'pr/779' into dev
2015-07-24 11:05:21 +01:00
Miles Gould
40b5a47aae
Remove trailing whitespace
2015-07-23 23:22:45 +01:00
Miles Gould
f29c0ad085
Replace .length calls with .size
2015-07-23 23:21:55 +01:00
Miles Gould
96b0198d41
Replace remaining calls to count() with size()
...
The couple that aren't removed are required: for instance, there's a
Crop.count method, but no Crop.size method.
2015-07-23 23:05:39 +01:00
Miles Gould
48649d1986
Clarify comment on an order-dependent feature test
2015-07-23 22:00:06 +01:00