rails-3.2 (3.2.16-3+0) unstable; urgency=medium

  [ Ondřej Surý ]
  * Repack rails-3.2 based on the rails-4.0 packaging
    + Ignore all test results (for now)
  * New upstream version 3.2.16, fixes:
    + [CVE-2013-6417] Incomplete fix to CVE-2013-0155 (Unsafe Query
      Generation Risk)
    + [CVE-2013-4491] Reflective XSS Vulnerability in Ruby on Rails
    + [CVE-2013-6415] XSS Vulnerability in number_to_currency
    + [CVE-2013-6414] Denial of Service Vulnerability in Action View

  [ Antonio Terceiro ]
  * This source package includes all of the Rails components and supersedes
    the ones in the following individual packages:
    - rails3
    - ruby-actionmailer-3.2
    - ruby-actionpack-3.2
    - ruby-activemodel-3.2
    - ruby-activerecord-3.2
    - ruby-activeresource-3.2
    - ruby-activesupport-3.2
    - ruby-rails-3.2
    - ruby-railties-3.2
  * Changes with regards to current packages:
    - a basic as-installed test suite was added in debian/tests. Right now we
      will know when some dependency breaks the very basic use case of a new
      rails app, and as it evolves we will also catch more subtle problems.
    - Some dependencies were relaxed so they can be satisfied by packages in
      the archive which are newer than they were when rails 3 was released.
    - ruby-rails-3.2 now recommends packages needed to run the empty
      application created by `rails new`

 -- Ondřej Surý <ondrej@debian.org>  Wed, 04 Dec 2013 11:13:41 +0100
