-rw-r--r-- | Gemfile | 5 | ||||
-rw-r--r-- | Gemfile.lock | 26 | ||||
-rw-r--r-- | config/environment.rb | 2 | ||||
-rw-r--r-- | doc/CHANGES.md | 19 | ||||
-rw-r--r-- | locale/cy/app.po | 23 |
5 files changed, 52 insertions, 23 deletions
@@ -7,7 +7,10 @@ if File.exist? "/etc/debian_version" and File.open("/etc/debian_version").read.s end source :rubygems -gem 'rails', '2.3.15' +# A fork of rails that is kept up to date with security patches +git "git://github.com/mysociety/rails.git", :branch => "2-3-stable" do + gem 'rails' +end gem 'pg' gem 'fast_gettext', '>= 0.6.0' diff --git a/Gemfile.lock b/Gemfile.lock index 3f584e1ce..a9ab14940 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,5 +1,7 @@ -GEM - remote: http://rubygems.org/ +GIT + remote: git://github.com/mysociety/rails.git + revision: 9e452eaf296d3732f8058ad31cf18e0b659f27a6 + branch: 2-3-stable specs: actionmailer (2.3.15) actionpack (= 2.3.15) @@ -11,6 +13,17 @@ GEM activeresource (2.3.15) activesupport (= 2.3.15) activesupport (2.3.15) + rails (2.3.15) + actionmailer (= 2.3.15) + actionpack (= 2.3.15) + activerecord (= 2.3.15) + activeresource (= 2.3.15) + activesupport (= 2.3.15) + rake (>= 0.8.3) + +GEM + remote: http://rubygems.org/ + specs: annotate (2.4.0) archive-tar-minitar (0.5.2) bootstrap-sass (2.1.1.0) @@ -77,13 +90,6 @@ GEM pg (0.13.2) polyglot (0.3.3) rack (1.1.4) - rails (2.3.15) - actionmailer (= 2.3.15) - actionpack (= 2.3.15) - activerecord (= 2.3.15) - activeresource (= 2.3.15) - activesupport (= 2.3.15) - rake (>= 0.8.3) rake (0.9.2.2) rbx-require-relative (0.0.9) rdoc (2.4.3) @@ -165,7 +171,7 @@ DEPENDENCIES newrelic_rpm pg rack (~> 1.1.0) - rails (= 2.3.15) + rails! rake (= 0.9.2.2) rdoc (~> 2.4.3) recaptcha (~> 0.3.1) diff --git a/config/environment.rb b/config/environment.rb index b32eeeb01..21415dfd8 100644 --- a/config/environment.rb +++ b/config/environment.rb @@ -43,7 +43,7 @@ require File.join(File.dirname(__FILE__), '../lib/old_rubygems_patch') require 'configuration' # Application version -ALAVETELI_VERSION = '0.6.8' +ALAVETELI_VERSION = '0.6.9' Rails::Initializer.run do |config| # Load intial mySociety config diff --git a/doc/CHANGES.md b/doc/CHANGES.md index b74e46248..2c8692bb5 100644 
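Review bot: The Gemfile hunk's new `git "git://github.com/mysociety/rails.git", :branch => "2-3-stable" do` line fetches the security-patched Rails fork over the git:// transport, which has no authentication or encryption, so the code can be altered in transit; use `git "https://github.com/mysociety/rails.git", :branch => "2-3-stable" do` instead. The Gemfile also follows a moving branch, and only the `revision:` recorded in Gemfile.lock fixes the commit, so any `bundle update` resolves whatever the branch head is at that moment. Either add `:ref => "9e452eaf296d3732f8058ad31cf18e0b659f27a6"` next to the branch, or make sure deployments install strictly from the committed lock file with `bundle install --deployment`. The comment above the block could also state which patch the fork carries beyond 2.3.15 (the changelog in this commit names CVE-2013-0155), so a later maintainer knows when the fork can be dropped.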
--- a/doc/CHANGES.md +++ b/doc/CHANGES.md @@ -1,3 +1,22 @@ +# Version 0.6.9 +## Highlighted features +* [Security] Fix for security issue where image files from HTML conversion on hidden/requester-only requests were accessible without authentication [issue #739](https://github.com/mysociety/alaveteli/issues/739). +* [Security] Fix for issue where the zip file download function was available for logged-in users even on hidden/requester-only requests [issue #743](https://github.com/mysociety/alaveteli/issues/743) +* [Security] Upgrades to Rails 2.3.15 to get fixes for Rails security flaws CVE-2012-5664 and CVE-2013-0156. In addition, switches to use Rails pulled from a clone in the mySociety github account, which has had the CVE-2013-0155 2.3 series patch applied to it. +* Isolation of mail handling code in the MailHandler module in lib/mail_handler +* Tests run under Ruby 1.9.3 - *running the app under 1.9 not yet advised*. +* Routes without a locale part can be enabled for the default locale - see upgrade notes +* Fixes to support themed error pages, and allow responsive themes (Matthew Landauer, Brendan Molloy) +* Migrations run under sqlite (Stefan Langenmaier) +* Time zone fixes (Henare Degan) +* Faster tests (Henare Degan) + +* [List of issues on github](https://github.com/mysociety/alaveteli/issues?milestone=25&state=closed) + +## Upgrade notes +* Note the new config variable INCLUDE_DEFAULT_LOCALE_IN_URLS (if not set defaults to true, which should replicate existing behaviour) +* Check out this version and run `rails-post-deploy` as usual. + # Version 0.6.8 ## Highlighted features diff --git a/locale/cy/app.po b/locale/cy/app.po index 2ed1354a8..31a6445ee 100644 --- a/locale/cy/app.po +++ b/locale/cy/app.po 
@@ -4,13 +4,14 @@ # # Translators: # <alex@alexskene.com>, 2011-2012. +# <graham.craig@gmail.com>, 2013. msgid "" msgstr "" "Project-Id-Version: alaveteli\n" "Report-Msgid-Bugs-To: http://github.com/sebbacon/alaveteli/issues\n" "POT-Creation-Date: 2012-12-18 10:11+0000\n" -"PO-Revision-Date: 2012-12-18 10:14+0000\n" -"Last-Translator: louisecrow <louise@mysociety.org>\n" +"PO-Revision-Date: 2013-01-13 07:34+0000\n" +"Last-Translator: baragouiner <graham.craig@gmail.com>\n" "Language-Team: LANGUAGE <LL@li.org>\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -34,7 +35,7 @@ msgid "" msgstr "" msgid " (you)" -msgstr "" +msgstr "(chi)" msgid " - view and make Freedom of Information requests" msgstr "" @@ -106,10 +107,10 @@ msgid " made by " msgstr "" msgid " or " -msgstr "" +msgstr "neu" msgid " when you send this message." -msgstr "" +msgstr "pan chi'n anfon y neges hon" msgid "" "\"Hello! We have an <a " @@ -145,7 +146,7 @@ msgid "'Pollution levels over time for the River Tyne'" msgstr "" msgid "'{{link_to_authority}}', a public authority" -msgstr "" +msgstr "'{{link_to_authority}}', awdurdod cyhoeddus" msgid "'{{link_to_request}}', a request" msgstr "" @@ -157,13 +158,13 @@ msgid ",\\n\\n\\n\\nYours,\\n\\n{{user_name}}" msgstr "" msgid "- or -" -msgstr "" +msgstr "- neu -" msgid "1. Select an authority" -msgstr "" +msgstr "1. Dewis awdurdod" msgid "2. Ask for Information" -msgstr "" +msgstr "2. Gofyn am wybodaeth" msgid "3. Now check your request" msgstr "" @@ -194,7 +195,7 @@ msgid "" msgstr "" msgid "<a href=\"%s\">details</a>" -msgstr "" +msgstr "<a href=\"%s\">manylion</a>" msgid "<a href=\"%s\">what's that?</a>" msgstr "" 
@@ -203,7 +204,7 @@ msgid "" "<p>All done! Thank you very much for your help.</p><p>There are <a " "href=\"{{helpus_url}}\">more things you can do</a> to help " "{{site_name}}.</p>" -msgstr "" +msgstr "<p>Wedi gorffen! Diolch yn fawr am eich help.</p><p>Mae <a href=\"{{helpus_url}}\">mwy o bethau i'w wneud</a>er mwyn helpu {{site_name}}.</p>" msgid "" "<p>Thank you! Here are some ideas on what to do next:</p>\\n " |