From d07b12dc7d453674586175430dbd711aa16c0bb2 Mon Sep 17 00:00:00 2001 From: Arthur Neves Date: Thu, 24 Jul 2014 11:01:19 -0400 Subject: [PATCH] Update History log Bring latest History from 2-6-stable and 2-5-stable --- History.md | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/History.md b/History.md index cbe5ef4..a8c8854 100644 --- a/History.md +++ b/History.md @@ -32,7 +32,13 @@ * Make map filter work on enumerable drops, see #233 [Florian Weingarten, fw42] * Improved whitespace stripping for blank blocks, related to #216 [Florian Weingarten, fw42] -## 2.6.0 / 2013-11-25 / branch "2.6-stable" +## 2.6.1 / 2014-01-10 / branch "2-6-stable" + +Security fix, cherry-picked from master (4e14a65): +* Don't call to_sym when creating conditions for security reasons, see #273 [Bouke van der Bijl, bouk] +* Prevent arbitrary method invocation on condition objects, see #274 [Dylan Thacker-Smith, dylanahsmith] + +## 2.6.0 / 2013-11-25 IMPORTANT: Liquid 2.6 is going to be the last version of Liquid which maintains explicit Ruby 1.8 compatability. The following releases will only be tested against Ruby 1.9 and Ruby 2.0 and are likely to break on Ruby 1.8. @@ -56,7 +62,13 @@ The following releases will only be tested against Ruby 1.9 and Ruby 2.0 and are * Better documentation for 'include' tag (closes #163) [Peter Schröder, phoet] * Use of BigDecimal on filters to have better precision (closes #155) [Arthur Nogueira Neves, arthurnn] -## 2.5.4 / 2013-11-11 / branch "2.5-stable" +## 2.5.5 / 2014-01-10 / branch "2-5-stable" + +Security fix, cherry-picked from master (4e14a65): +* Don't call to_sym when creating conditions for security reasons, see #273 [Bouke van der Bijl, bouk] +* Prevent arbitrary method invocation on condition objects, see #274 [Dylan Thacker-Smith, dylanahsmith] + +## 2.5.4 / 2013-11-11 * Fix "can't convert Fixnum into String" for "replace", see #173, [wǒ_is神仙, jsw0528]