ruby-rails-html-sanitizer (1.0.4-1) unstable; urgency=medium
* New upstream release.
* debian/compat: Bump debhelper compatibility level to 11.
* debian/control:
- Bump required debhelper version to >= 11~.
- Bump Standards-Version to 4.1.3 (no changes needed).
- Use salsa.debian.org in Vcs-* fields.
- Add myself as Uploader.
- Require ruby-loofah >= 2.2.2~.
* debian/copyright:
- Use HTTPS in link to copyright format specification.
- Add missing Debian packaging authors.
* debian/patches: Drop patch to skip failing specs, fixed upstream.
* debian/watch: Use version 4 and HTTPS in link to gemwatch service.
-- Georg Faerber Fri, 23 Mar 2018 13:42:07 +0100
ruby-rails-html-sanitizer (1.0.3-2) unstable; urgency=medium
* Team upload.
[ Cédric Boutillier ]
* Bump debhelper compatibility level to 9
* Use https:// in Vcs-* fields
* Bump Standards-Version to 3.9.7 (no changes needed)
[ Christian Hofstaedtler ]
* Drop ruby-rails from Depends, as no lib code actually loads rails;
makes the dependency cycle a little less bad.
-- Christian Hofstaedtler Sat, 05 Mar 2016 04:24:42 +0100
ruby-rails-html-sanitizer (1.0.3-1) unstable; urgency=high
* New upstream release. Contains fixes for several XSS vulnerabilities:
CVE-2015-7578 CVE-2015-7579 CVE-2015-7580 (Closes: #812814)
* debian/ruby-tests.rake: re-enable test that was disabled
* 0001-Skip-some-tests-under-Debian.patch: skip tests where the sanitized
HTML is XSS-free but does not match the exact content expected by the
upstream test suite. I suspect that is due to Nokogiri not using its own
patched version of libxml2 in Debian, but can't be sure of that yet.
Also, the same tests would already fail on 1.0.2 if enabled.
-- Antonio Terceiro Tue, 26 Jan 2016 19:36:51 -0200
ruby-rails-html-sanitizer (1.0.2-1) unstable; urgency=medium
* Initial release (Closes: #784326)
* Disabled a test as it required gems which have Rails > 4.2.0 in its
dependency chain
-- Balasankar C Tue, 05 May 2015 13:07:22 +0530