Release v3.2.1

CHANGELOG.md

@@ -1,11 +1,14 @@
 ### 3.2.1
 
+Security announcement: http://blog.plataformatec.com.br/2013/11/e-mail-enumeration-in-devise-in-paranoid-mode
+
 * enhancements
   * Add `store_location_for` helper and ensure it is safe (by @matthewrudy and @homakov)
   * Add `yield` around resource methods in Devise controllers (by @edelpero)
 
 * bug fix
   * Bring `password_digest` back to fix compatibility with `devise-encryptable`
+  * Avoid e-mail enumeration on sign in when in paranoid mode
 
 ### 3.2.0
 

Gemfile.lock

@@ -12,7 +12,7 @@ GIT
 PATH
   remote: .
   specs:
-    devise (3.2.0)
+    devise (3.2.1)
       bcrypt-ruby (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 3.2.6, < 5)

gemfiles/Gemfile.rails-3.2.x.lock

@@ -1,7 +1,7 @@
 PATH
   remote: ..
   specs:
-    devise (3.2.0)
+    devise (3.2.1)
       bcrypt-ruby (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 3.2.6, < 5)

lib/devise/controllers/store_location.rb

@@ -33,7 +33,7 @@ module Devise
       #
       def store_location_for(resource_or_scope, location)
         session_key = stored_location_key_for(resource_or_scope)
-        session[session_key] = URI.parse(location).path
+        session[session_key] = URI.parse(location).path if location
       end
 
       private

lib/devise/version.rb

@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "3.2.0".freeze
+  VERSION = "3.2.1".freeze
 end