ruby-rails-html-sanitizer (1.0.3-2) unstable; urgency=medium

  * Team upload.

  [ Cédric Boutillier ]
  * Bump debhelper compatibility level to 9
  * Use https:// in Vcs-* fields
  * Bump Standards-Version to 3.9.7 (no changes needed)

  [ Christian Hofstaedtler ]
  * Drop ruby-rails from Depends, as no lib code actually loads rails;
    makes the dependency cycle a little less bad.

 -- Christian Hofstaedtler <zeha@debian.org>  Sat, 05 Mar 2016 04:24:42 +0100

ruby-rails-html-sanitizer (1.0.3-1) unstable; urgency=high

  * New upstream release. Contains fixes for several XSS vulnerabilities:
    CVE-2015-7578 CVE-2015-7579 CVE-2015-7580 (Closes: #812814)
  * debian/ruby-tests.rake: re-enable test that was disabled
  * 0001-Skip-some-tests-under-Debian.patch: skip tests where the sanitized
    HTML is XSS-free but does not match the exact content expected by the
    upstream test suite. I suspect that is due to Nokogiri not using its own
    patched version of libxml2 in Debian, but can't be sure of that yet.
    Also, the same tests would already fail on 1.0.2 if enabled.

 -- Antonio Terceiro <terceiro@debian.org>  Tue, 26 Jan 2016 19:36:51 -0200

ruby-rails-html-sanitizer (1.0.2-1) unstable; urgency=medium

  * Initial release (Closes: #784326)
  * Disabled a test as it required gems which have Rails > 4.2.0 in its
    dependency chain

 -- Balasankar C <balasankarc@autistici.org>  Tue, 05 May 2015 13:07:22 +0530