rails (2:6.1.7.10+dfsg-1~deb12u1) bookworm-security; urgency=medium

  * New upstream version 6.1.7.10+dfsg.
    (Fixes: CVE-2023-28362, CVE-2023-38037, CVE-2024-26144,
    CVE-2024-28103, CVE-2024-41128, CVE-2024-47887, CVE-2024-47888,
    CVE-2024-47889)
    (Closes: #1051058, #1051057, 1065119, #1072705, #1085376)
  * Add patch to add CSP directive validation.
    (Fixes: CVE-2024-54133) (Closes: #1089755)

 -- Utkarsh Gupta <utkarsh@debian.org>  Fri, 14 Mar 2025 20:02:55 +0530

rails (2:6.1.7.3+dfsg-2~deb12u1) bookworm; urgency=medium

  * Non-maintainer upload.
  * Rebuild for bookworm.

 -- Andreas Beckmann <anbe@debian.org>  Mon, 17 Jun 2024 15:06:27 +0200

rails (2:6.1.7.3+dfsg-2) unstable; urgency=medium

  * debian/control:
    - Declare that ruby-activerecord breaks and replaces ruby-arel: it was
      merged five years ago, is therefore obsolete and to be removed.
      (Closes: #1038935)

 -- Georg Faerber <georg@debian.org>  Sun, 25 Jun 2023 11:53:59 +0000

rails (2:6.1.7.3+dfsg-1) unstable; urgency=medium

  * Team upload.
  * New upstream version 6.1.7.3+dfsg. Closes: #1030050.
    + This is a security-only release from a rails stable branch.
      Upstream changelogs:
      https://github.com/rails/rails/releases/tag/v6.1.7.1
      https://github.com/rails/rails/releases/tag/v6.1.7.2
      https://github.com/rails/rails/releases/tag/v6.1.7.3
      Fixed CVEs:
      CVE-2023-22796
      CVE-2023-22794
      CVE-2022-44566
      CVE-2023-22795
      CVE-2023-22792
      CVE-2023-28120
      CVE-2023-23913
    + All reverse dependencies and build-dependencies have been tested using
      the ruby team's tooling. No regressions were found.

 -- Lucas Nussbaum <lucas@debian.org>  Sat, 25 Mar 2023 23:39:22 +0100

rails (2:6.1.7+dfsg-3) unstable; urgency=medium

  * Team upload

  [ Nilesh Patra ]
  * Add patch to fix FTBFS with rollup 3

  [ Antonio Terceiro ]
  * Add patch for compatibility with ruby3.1

 -- Antonio Terceiro <terceiro@debian.org>  Fri, 09 Dec 2022 17:09:01 -0300

rails (2:6.1.7+dfsg-2) unstable; urgency=medium

  * Team Upload.
  * d/p/0002-disable-uglify-in-activestorage-rollup-config-js.patch:
    + Use modulePaths instead of moduleDirectories (Closes: #1022332)

 -- Nilesh Patra <nilesh@debian.org>  Sat, 29 Oct 2022 21:37:16 +0530

rails (2:6.1.7+dfsg-1) unstable; urgency=medium

  * New upstream version 6.1.7+dfsg.
  * Drop patches that have been included in this release.
  * Refresh d/patches.

 -- Utkarsh Gupta <utkarsh@debian.org>  Mon, 12 Sep 2022 22:40:02 +0530

rails (2:6.1.6.1+dfsg-4) unstable; urgency=high

  * Add patch to allow Date, Time, ActiveSupport::HashWithIndifferentAccess
    in YAML columns.

 -- Utkarsh Gupta <utkarsh@debian.org>  Wed, 07 Sep 2022 04:21:07 +0530

rails (2:6.1.6.1+dfsg-3) unstable; urgency=high

  * Add patch to remove active_record.yaml initializers.

 -- Utkarsh Gupta <utkarsh@debian.org>  Tue, 06 Sep 2022 04:54:43 +0530

rails (2:6.1.6.1+dfsg-2) unstable; urgency=high

  [ Pirate Praveen ]
  * Add <!nocheck> for ruby-selenium-webdriver

  [ Utkarsh Gupta ]
  * Add patch to allow Symbols in YAML columns. (Closes: #1018934)

 -- Utkarsh Gupta <utkarsh@debian.org>  Tue, 06 Sep 2022 04:34:47 +0530

rails (2:6.1.6.1+dfsg-1) unstable; urgency=medium

  [ Pirate Praveen ]
  * Remove <!nocheck> build profile from runtime dependencies.

  [ Utkarsh Gupta ]
  * New upstream version 6.1.6.1+dfsg.
    (Fixes: CVE-2022-22577, CVE-2022-27777, CVE-2022-32224)
    (Closes: #1011941, #1016982, #1016140)
  * d/control: Update minimum version of ruby-selenium-webdriver
    to 4.0.0 for autopkgtest. :)

  [ Gabriela Pivetta ]
  * d/p/activerecord-add-missing-require-statements.patch: Drop patch
    that has been merged upstream.
  * d/patches: Refresh patches.

 -- Gabriela Pivetta <gpivetta99@gmail.com>  Thu, 18 Aug 2022 15:46:46 -0300

rails (2:6.1.4.7+dfsg-2) unstable; urgency=medium

  * Team upload.
  * Skip flaky tests in activesupport (Closes: #1006981)

 -- Pirate Praveen <praveen@debian.org>  Tue, 21 Jun 2022 15:40:07 +0530

rails (2:6.1.4.7+dfsg-1) unstable; urgency=medium

  * Team upload.
  * Update filenamemangle in watch file regex
  * New upstream version 6.1.4.7+dfsg (Fixes: CVE-2022-21831)
  * Convert rails-ujs.coffee to js using coffee command line and pass
    javascript code to blade tool instead of directly passing coffeescript.
    This fixes build failure caused by coffeescript 2 outputting ES6
    (Closes: #1013218)

 -- Pirate Praveen <praveen@debian.org>  Mon, 20 Jun 2022 23:48:08 +0530

rails (2:6.1.4.6+dfsg-3) unstable; urgency=medium

  * Team upload.
  * Switch to ruby-terser from ruby-uglifier (better maintained fork)

 -- Pirate Praveen <praveen@debian.org>  Wed, 01 Jun 2022 18:32:47 +0530

rails (2:6.1.4.6+dfsg-2) unstable; urgency=medium

  * Skip flaky tests (Closes: #1006981)

 -- Antonio Terceiro <terceiro@debian.org>  Sat, 30 Apr 2022 09:24:12 -0300

rails (2:6.1.4.6+dfsg-1) unstable; urgency=medium

  * Team upload.
  * New upstream version 6.1.4.6+dfsg

 -- Pirate Praveen <praveen@debian.org>  Wed, 02 Mar 2022 08:26:52 +0530

rails (2:6.1.4.1+dfsg-8) unstable; urgency=medium

  * Team upload.
  * d/control (Breaks): Add more packages for the transition.
    (Depends): Remove interpreter and use ruby:any.
    (Build-Depends): Raise ruby-globalid version due to rails/globalid#123.
  * d/patches/relax-dependencies.patch: Adjust.
    - Relax dependencies in created app Gemfile as well.
  * d/patches/use-system-webpacker.patch: Adjust.
    - Set to current webpacker version.
  * d/source/lintian-overrides: Fix overrides.

 -- Daniel Leidert <dleidert@debian.org>  Thu, 02 Dec 2021 07:30:48 +0100

rails (2:6.1.4.1+dfsg-7) unstable; urgency=medium

  * Team upload.
  * d/control (Breaks): Add ruby-actionpack-action-caching,
    ruby-actionpack-page-caching, ruby-activerecord-nulldb-adapter,
    ruby-data-migrate.
  * d/patches/temporarily-disable-encoded-key-cache-behavior-test.patch: Add.
    - Disable flaky test. Upstream discovered several race conditions. Don't
      let them stop the transition.
  * d/patches/series: Enable new patch.

 -- Daniel Leidert <dleidert@debian.org>  Mon, 29 Nov 2021 03:44:54 +0100

rails (2:6.1.4.1+dfsg-6) unstable; urgency=medium

  * Team upload.
  * d/patches/disable-rack-mini-profiler-gem.patch: Add patch.
    - Comment out rack-mini-profiler gem until it has been packaged.
  * d/patches/series: Add new patch.

 -- Daniel Leidert <dleidert@debian.org>  Sun, 28 Nov 2021 23:14:36 +0100

rails (2:6.1.4.1+dfsg-5) unstable; urgency=medium

  * Team upload

  [ Cédric Boutillier ]
  * Source-only reupload
  * The 6.1 version:
    - has tests working with ruby3.0 (Closes: #998507)
    - uses puma >= 5 (Closes: #997883)
    - fixes tests for ruby-rspec-rails (Closes: #996377)
  * relax-dependencies.patch: relax more gem dependencies
    + on webpacker
    + on selenium-webdriver
    + on mysql2
    + on redis-namespace
  * Build-depend on ruby-webpacker
  * Declare breaking older packages:
    + ruby-activesupport breaks ruby-delayed-job < 4.1.8
    + ruby-activerecord breaks delayed-job-active-record < 4.1.5
  * Depend on ruby-web-console >= 4.1 and break earlier versions

  [ Antonio Terceiro ]
  * Add patch: activerecord: add missing require statements
  * debian/rules: removing trailing whitespace
  * debian/rules: look for nocheck in DEB_BUILD_OPTIONS
  * Add missing build dependency on ruby-webrick

 -- Antonio Terceiro <terceiro@debian.org>  Mon, 22 Nov 2021 19:18:38 -0300

rails (2:6.1.4.1+dfsg-4) unstable; urgency=medium

  * Team upload
  * Upload with nocheck profile and with binaries to break circular
    dependency with version incompatibilities
    rails/ruby-sprockets-rails/ruby-tzinfo

 -- Cédric Boutillier <boutil@debian.org>  Fri, 19 Nov 2021 18:13:00 +0100

rails (2:6.1.4.1+dfsg-3) unstable; urgency=medium

  * No-change rebuild for unstable.
    - Let's break the world. \o/

 -- Utkarsh Gupta <utkarsh@debian.org>  Mon, 15 Nov 2021 22:41:51 +0530

rails (2:6.1.4.1+dfsg-2) experimental; urgency=medium

  * Team Upload
  * Update minimum version of dependencies, for partial update from buster,
    thanks to lepalom.
    ruby-zeitwerk (>= 2.3~), ruby-i18n (>= 1.6~), ruby-thor (>= 1.0~)

 -- Pirate Praveen <praveen@debian.org>  Mon, 20 Sep 2021 20:27:32 +0530

rails (2:6.1.4.1+dfsg-1) experimental; urgency=medium

  * Team Upload
  * New upstream version 6.1.4.1+dfsg
  * Bump Standards-Version to 4.6.0 (no changes needed)

 -- Pirate Praveen <praveen@debian.org>  Wed, 15 Sep 2021 21:00:57 +0530

rails (2:6.1.4+dfsg-4) experimental; urgency=medium

  [ Pirate Praveen ]
  * Fix silent build failure and adapt rollup.config.js for recent changes
    (cherry pick from master-6.0 branch)

  [ Utkarsh Gupta ]
  * Drop Jongmin Kim from uploaders.
    (cherry pick from master-6.0 branch)

  [ Pirate Praveen ]
  * Fix syntax error introduced in patch (fixes ftbfs)

 -- Pirate Praveen <praveen@debian.org>  Thu, 09 Sep 2021 23:28:50 +0530

rails (2:6.1.4+dfsg-3) experimental; urgency=medium

  * Team Upload
  * Enable gemspec dependency check during build
  * Add ruby-mini-mime dependency

 -- Pirate Praveen <praveen@debian.org>  Tue, 07 Sep 2021 22:46:37 +0530

rails (2:6.1.4+dfsg-2) experimental; urgency=medium

  * Binary included upload to fix circular dependency

 -- Sruthi Chandran <srud@debian.org>  Mon, 06 Sep 2021 23:06:39 +0530

rails (2:6.1.4+dfsg-1) experimental; urgency=medium

  [ Utkarsh Gupta ]
  * New upstream version 6.1.0+dfsg
  * Refresh the first patch

  [ Sruthi Chandran ]
  * New upstream version 6.1.4+dfsg
  * Refresh patches
  * Exclude minified file (clipboard.js)

 -- Sruthi Chandran <srud@debian.org>  Tue, 27 Jul 2021 00:57:58 +0530

rails (2:6.0.3.7+dfsg-2) unstable; urgency=medium

  * Partially revert "Update minimum version of ruby-marcel to 1.0~".
  * Add patch relax marcel for bullseye.

 -- Utkarsh Gupta <utkarsh@debian.org>  Fri, 09 Jul 2021 00:33:18 +0530

rails (2:6.0.3.7+dfsg-1) unstable; urgency=high

  * Upload to unstable directly.
  * New upstream version 6.0.3.7+dfsg. (Closes: #988214)
    - Prevent slow regex when parsing host authorization header.
      (Fixed: CVE-2021-22904)
    - Prevent catastrophic backtracking during mime parsing.
      (Fixes: CVE-2021-22902)
    - Prevent string polymorphic route arguments.
      (Fixes: CVE-2021-22885)

 -- Utkarsh Gupta <utkarsh@debian.org>  Sat, 15 May 2021 16:05:45 +0530

rails (2:6.0.3.6+dfsg-2) experimental; urgency=medium

  * Install @rails/actioncable node module and Provide
    node-rails-actioncable

 -- Pirate Praveen <praveen@debian.org>  Sun, 02 May 2021 23:47:43 +0530

rails (2:6.0.3.6+dfsg-1) experimental; urgency=medium

  * Team Upload
  * New upstream version 6.0.3.6+dfsg
    (upgrade Active Storage’s Marcel dependency to version 1.0.0.)
    Before 1.0.0, Marcel—which is distributed under the terms of the MIT
    License, like Rails—indirectly depended on MIME type data released under
    the GNU General Public License making the effective license of rails
    applications GPL. Marcel 1.0.0 instead directly packages MIME type data
    adapted from Apache Tika, released under the permissive and compatible
    Apache License 2.0.
  * Update minimum version of ruby-marcel to 1.0~

 -- Pirate Praveen <praveen@debian.org>  Thu, 29 Apr 2021 15:52:41 +0530

rails (2:6.0.3.5+dfsg-1) unstable; urgency=high

  * New upstream version 6.0.3.5+dfsg.
    - Fix possible DoS vector in PostgreSQL money type.
      (Fixes: CVE-2021-22880)
    - Prevent open redirect when allowed host starts with a dot.
      (Fixes: CVE-2021-22881)
  * Fix d/gbp.conf for master-6.0 branch.
  * Drop Jongmin Kim from uploaders.
    - Thanks, Jongmin, for all the work so far!

 -- Utkarsh Gupta <utkarsh@debian.org>  Sun, 14 Feb 2021 18:48:21 +0530

rails (2:6.0.3.4+dfsg-3) unstable; urgency=medium

  [ Pirate Praveen ]
  * Fix silent build failure and adapt rollup.config.js for recent changes.
    (Closes: #979133)

 -- Utkarsh Gupta <utkarsh@debian.org>  Wed, 03 Feb 2021 22:12:15 +0530

rails (2:6.0.3.4+dfsg-2) unstable; urgency=medium

  [ Pirate Praveen ]
  * Allow build with "nocheck" build profile to skip selenium dependency.
    (Closes: #974065)
    - Thanks, Sven Mueller, for the patch.
  * Drop build dependency on qunit-selenium. (Closes: #976291)
    - We do not have tests enabled that need qunit-selenium.

  [ Utkarsh Gupta ]
  * Fix d/control spacing issue.
  * Remove unnecessary version guards.
    + cme fix dpkg to the rescue.
  * Bump debhelper-compat to 13.
  * Re-format d/gbp.conf.
    - To help properly branch out stuff.

 -- Utkarsh Gupta <utkarsh@debian.org>  Sat, 12 Dec 2020 02:42:08 +0530

rails (2:6.0.3.4+dfsg-1) unstable; urgency=medium

  * New upstream version 6.0.3.4+dfsg
    - Fix a possible XSS vulnerability in Action Pack in Development Mode.
      (Fixes: CVE-2020-8264) (Closes: #971988)

 -- Utkarsh Gupta <utkarsh@debian.org>  Mon, 12 Oct 2020 00:28:24 +0530

rails (2:6.0.3.3+dfsg-1) unstable; urgency=medium

  [ Cédric Boutillier ]
  * [ci skip] Update team name
  * [ci skip] Add .gitattributes to keep unwanted files out of the source
    package

  [ Utkarsh Gupta ]
  * New upstream version 6.0.3.3+dfsg
    - Ensure values directly from `options[:default]` are not marked
      as `html_safe`. (Fixes: CVE-2020-15169) (Closes: #970040)

 -- Utkarsh Gupta <utkarsh@debian.org>  Fri, 11 Sep 2020 09:32:28 +0530

rails (2:6.0.3.2+dfsg-11) unstable; urgency=medium

  * Team Upload
  * Move yarnpkg to recommends of rails meta package
    (To help testing migration)

 -- Pirate Praveen <praveen@debian.org>  Fri, 28 Aug 2020 14:49:09 +0530

rails (2:6.0.3.2+dfsg-10) unstable; urgency=medium

  * Team Upload
  * Skip creating javascript and webpack installation in newapp autopkgtest
    (This fixes autopkgtest regression in arm64)

 -- Pirate Praveen <praveen@debian.org>  Thu, 27 Aug 2020 23:24:41 +0530

rails (2:6.0.3.2+dfsg-9) unstable; urgency=medium

  * Team Upload
  * Remove webdrivers from default Gemfile for new rails applications
    (Closes: #967007)

 -- Pirate Praveen <praveen@debian.org>  Tue, 11 Aug 2020 13:04:28 +0530

rails (2:6.0.3.2+dfsg-8) unstable; urgency=medium

  * Team Upload
  * Add ruby-webpacker as dependency to rails meta package

 -- Pirate Praveen <praveen@debian.org>  Fri, 07 Aug 2020 23:24:21 +0530

rails (2:6.0.3.2+dfsg-7) unstable; urgency=medium

  * Remove dependencies no longer required for rails metapackage
  * Remove Breaks on ruby-carrierwave << 2

 -- Pirate Praveen <praveen@debian.org>  Tue, 04 Aug 2020 17:49:02 +0530

rails (2:6.0.3.2+dfsg-6) unstable; urgency=medium

  * Add more dependencies for rails metapackage

 -- Pirate Praveen <praveen@debian.org>  Tue, 04 Aug 2020 01:46:50 +0530

rails (2:6.0.3.2+dfsg-5) unstable; urgency=medium

  * Remove more generated files in clean
  * Fix bundler patch and add bundler as dependency (Closes: #966838)
  * Bump minimum version of puma to 4.1

 -- Pirate Praveen <praveen@debian.org>  Mon, 03 Aug 2020 14:57:03 +0530

rails (2:6.0.3.2+dfsg-4) unstable; urgency=medium

  * Team Upload
  * Fail build when tests fail (Closes: #919478)
  * Start redis server for activesupport tests (fixes test failures)
  * Change assets:compile to assets:codegen in actioncable build

 -- Pirate Praveen <praveen@debian.org>  Mon, 03 Aug 2020 03:00:27 +0530

rails (2:6.0.3.2+dfsg-3) unstable; urgency=medium

  * Team Upload
  * Reupload to unstable
  * Add Breaks for packages that need a new version for rails 6 support

 -- Pirate Praveen <praveen@debian.org>  Sun, 02 Aug 2020 22:54:59 +0530

rails (2:6.0.3.2+dfsg-2) experimental; urgency=medium

  * Team Upload
  * Drop myself from uploaders
  * Update minimum version of ruby-sass-rails to 6.0~

 -- Pirate Praveen <praveen@debian.org>  Wed, 29 Jul 2020 18:15:23 +0530

rails (2:6.0.3.2+dfsg-1) experimental; urgency=medium

  * New upstream version 6.0.3.2+dfsg
    - Fixes CVE-2020-8185: Untrusted users able to run pending migrations in
      production (Closes: 964081)
  * Refresh d/patches

 -- Utkarsh Gupta <utkarsh@debian.org>  Wed, 01 Jul 2020 17:12:45 +0530

rails (2:6.0.3.1+dfsg-1) experimental; urgency=medium

  * New upstream version 6.0.3.1+dfsg
  * Refresh patches

 -- Pirate Praveen <praveen@debian.org>  Mon, 25 May 2020 16:04:56 +0530

rails (2:6.0.2.1+dfsg-4) experimental; urgency=medium

  * Tighten dependency on ruby-rails-html-sanitizer (for backports)
  * Switch to node-babel7 for activestorage javascript bundle generation

 -- Pirate Praveen <praveen@debian.org>  Sun, 03 May 2020 18:25:37 +0530

rails (2:6.0.2.1+dfsg-3) experimental; urgency=medium

  * Add patch to fix ActionController::TestSession#id to return
    Rack::Session::SessionId instance.

 -- Utkarsh Gupta <utkarsh@debian.org>  Thu, 26 Mar 2020 13:34:17 +0530

rails (2:5.2.4.1+dfsg-1) unstable; urgency=medium

  [ Lucas Kanashiro ]
  * New upstream version 5.2.4.1+dfsg

  [ Utkarsh Gupta ]
  * Refresh patches
  * Update patch to remove the function call
  * Tighten dependency on ruby-rack

 -- Utkarsh Gupta <utkarsh@debian.org>  Sat, 07 Mar 2020 17:35:09 +0530

rails (2:5.2.3+dfsg-3) unstable; urgency=medium

  * Tighten dependency on bundler
  * Add patch to fix autopkgtest
  * Use @d.o address

 -- Utkarsh Gupta <utkarsh@debian.org>  Fri, 14 Feb 2020 05:31:36 +0530

rails (2:5.2.3+dfsg-2) unstable; urgency=medium

  * Relax dependency on bundler
  * Bump Standards-Version to 4.5.0 (no changes needed)

 -- Sruthi Chandran <srud@debian.org>  Fri, 07 Feb 2020 11:55:23 +0100

rails (2:6.0.2.1+dfsg-2) experimental; urgency=medium

  * Tighten dependency on ruby-rack

 -- Sruthi Chandran <srud@debian.org>  Wed, 05 Feb 2020 15:02:04 +0100

rails (2:6.0.2.1+dfsg-1) experimental; urgency=medium

  [ Debian Janitor ]
  * Use secure copyright file specification URI.
  * Update standards version to 4.4.1, no changes needed.
  * Remove obsolete fields Name, Contact from debian/upstream/metadata.

  [ Sruthi Chandran ]
  * New upstream version 6.0.2.1+dfsg
  * Refresh patches
  * Bump Standards-Version to 4.5.0 (no changes needed)

 -- Sruthi Chandran <srud@debian.org>  Tue, 04 Feb 2020 13:49:14 +0100

rails (2:6.0.0+dfsg-1) experimental; urgency=medium

  * New upstream version 6.0.0+dfsg
  * d/control:
    + Add myself as Uploaders
    + Refresh the dependencies for 6.0.0
    + Add new packages: ruby-actionmailbox and ruby-actiontext
    + Fix lintian P: insecure-copyright-format-uri
  * d/copyright:
    + Refresh the copyrights for 6.0.0
    + Fix lintian P: insecure-copyright-format-uri
  * d/patches: Refresh the patches for 6.0.0
  * d/ruby-tests.rb:
    + Refresh the tests for 6.0.0
    + Disable the lib/ renaming
    + Disable the failing tests
  * d/*.docs: Refresh the docs for 6.0.0

 -- Jongmin Kim <jmkim@pukyong.ac.kr>  Sun, 25 Aug 2019 14:50:21 +0900

rails (2:5.2.3+dfsg-1) unstable; urgency=medium

  * New upstream version 5.2.3+dfsg
  * Add salsa-ci.yml
  * Bump Standards-Version to 4.4.0
  * Bump debhelper-compat to 12
  * Add myself as an uploader

 -- Utkarsh Gupta <guptautkarsh2102@gmail.com>  Tue, 13 Aug 2019 03:18:06 +0530

# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog ruby-railties`.