rails-4.0 (4.0.2+dfsg-2) unstable; urgency=low

  * Fix dependency -- ruby-rack doesn't have epoch (Closes: #731347)
  * Move ruby-activerecord-deprecated-finders from Depends to Recommends

 -- Ondřej Surý <ondrej@debian.org>  Thu, 12 Dec 2013 13:15:00 +0100

rails-4.0 (4.0.2+dfsg-1) unstable; urgency=low

  [ Antonio Terceiro ]
  * ruby-actionpack-4.0: tighten versioned dependency on ruby-rack to take
    epoch into account.

  [ Ondřej Surý ]
  * New upstream version 4.0.2+dfsg, fixes:
    + [CVE-2013-6417] Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk)
    + [CVE-2013-4491] Reflective XSS Vulnerability in Ruby on Rails
    + [CVE-2013-6415] XSS Vulnerability in number_to_currency
    + [CVE-2013-6414] Denial of Service Vulnerability in Action View
    + [CVE-2013-6416] XSS Vulnerability in simple_format helper

 -- Ondřej Surý <ondrej@debian.org>  Wed, 04 Dec 2013 10:34:24 +0100

rails-4.0 (4.0.0+dfsg-1) unstable; urgency=low

  [ Antonio Terceiro ]
  * Migrate to use dh_ruby multi-binary support

  [ Ondřej Surý ]
  * Initial release of Rails 4.0
  * Merge ruby-{active,action}*-X.Y packages into rails-4.0
  * Add Copyright headers for syntaxhighlighter
  * New upstream version 4.0.0+dfsg
  * Update the package based on ftp-master review:
    + Weaken some Conflicts to Breaks (Keeping Conflicts for virtual
      packages)
    + Generate actionpack/lib/action_dispatch/journey/parser.rb in the
      build using racc
    + Fix copyright to include correct year: (c) 2004-2013 David
      Heinemeier Hansson
    + Add MIT or CC-BY license for HTML selector by Assaf Arkin  
    + PD-Art license is inconclusive, so we just remove the wikimedia Mona
      Lisa picture and patch out the tests that were using it.
      (http://commons.wikimedia.org/wiki/Commons:Reuse_of_PD-Art_photographs)
    + Just remove whole guides.rubyonrails.org content from source tarball
      (We'll repackage it to ruby-rails-guides-4.0 as soon as we clear the
      licensing with upstream.)
    + MIT-LICENSE in templates is needed for templating new projects, add
      a lintian-override
  * Add dversionmangle to debian/watch

 -- Ondřej Surý <ondrej@debian.org>  Fri, 19 Jul 2013 15:35:13 +0200
