Release version 0.13.0

thoughtbot · Mar 13, 2020 · 70a2778 · 70a2778
1 parent 61f94d6
commit 70a2778
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -13,9 +13,53 @@
 * `[I18n]`: Internationalization. Changes to translations or localizations.
 * `[OPTIM]`: Optimization or performance increase.
 * `[DOC]`: Documentation changes. No changes to the library's behavior.
+* `[SECURITY]`: A change which fixes a security vulnerability.
 
 ## Changes
 
+### 0.13.0 (March 13, 2020)
+
+**NOTE:** This release contains the fix for [`CVE-2020-5257`][cve-5257], which
+fixes a potential SQL injection on dashboard sorting.
+
+* [SECURITY] Fix Sort order SQL injection.
+* [BUGFIX] [#1561] Fix very narrow nested fields.
+* [BUGFIX] [#1565] Fix unterminated single quote.
+* [UI] [#1537] Provide <title> tags for doc pages.
+* [BUGFIX] [#1552] Use the correct foreign key when sorting belongs_to
+  associations.
+* [FEATURE] [#1551] More readable warnings.
+* [FEATURE] [#1512] Avoid confusion with class methods and protected/private
+  modifiers.
+* [FEATURE] [#1513] Accessible from templates; avoids having to create new
+  field types.
+* [UI] [#1536] Declare doctype, language and charset.
+* [DOC] [#1540] Add new Date field to docs.
+* [FEATURE] [#1530] Include Date Field.
+* [BUGFIX] [#1522] Align label and data on show page.
+* [FEATURE] [#1521] Expose required fields on form.
+* [DOC] [#1531] Remove project level rubocop.yml.
+* [DOC] [#1534] Move documentation of how to disable some actions on
+  controller.
+* [UI] [#1524] Hide resources without index in the navigation.
+* [DOC] [#1523] Update screenshot.
+* [UI] [#1376] Add a "back" link to the navigation.
+* [DOC] [#1187] Update comment with new namespace.
+* [DOC] [#1514] Rewrite the contributing guide.
+* [BUGFIX] [#1495] Attempt to fix random CI failures.
+* [BUGFIX] [#1507] Remove query from link, to avoid triggering banned params.
+* [DOC] [#1479] Document controller APIs.
+* [COMPAT] [#1475] Allows running specs individually.
+* [UI] [#1484] Double-click to select attribute text.
+* [DOC] Configure GitHub Sponsors.
+* [COMPAT] [#1457] Fix PhantomJS test behaviour on Linux.
+* [BUGFIX] [#920] Remove NameError rescue in page base.
+* [BUGFIX] [#1447] Don't pass raw SQL when changing sort order.
+* [FEATURE] [#1452] Support Sprockets 4.
+* [DOC] [#1426] Add issue templates.
+
+[cve-5257]: https://github.com/thoughtbot/administrate/security/advisories/GHSA-2p5p-m353-833w
+
 ### 0.12.0 (September 10, 2019)
 
 * [COMPAT] [#1331] Drop active_job from the dependencies.

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    administrate (0.12.0)
+    administrate (0.13.0)
       actionpack (>= 4.2)
       actionview (>= 4.2)
       activerecord (>= 4.2)
@@ -94,7 +94,7 @@ GEM
       i18n (>= 1.6, < 2)
     faraday (1.0.0)
       multipart-post (>= 1.2, < 3)
-    ffi (1.11.3)
+    ffi (1.12.2)
     formulaic (0.4.1)
       activesupport
       capybara

diff --git a/lib/administrate/version.rb b/lib/administrate/version.rb
@@ -1,3 +1,3 @@
 module Administrate
-  VERSION = "0.12.0".freeze
+  VERSION = "0.13.0".freeze
 end