fixes #5471 html escape auto-completer values (CVE-2014-0208)
(cherry picked from commit ee672544f1ad5990ca0e39acd86f83cbbe06ebe9)
fixes #3914 - set current taxonomies on login from user defaults
Fixes #4851: a SmartProxy.with_features scope replaces feature-specific scopes generated during class loading
fixes #4776 - support session[:expires_at] for api requests
There are situations where the UI needs to invoke requestson the API controllers; therefore, we need to ensure thatthe session expiration accounts for them. This is a commonfor plugins, such as Katello, which leverage the...
fixes #4457 - Session fixation, new session IDs are not generated on login (CVE-2014-0090)
fixes #4617 - add feature to change parent of location or organization
fixes #812 - new permissions model, user group role and nest support, role filters for better granularity
fixes #4393 - rename ancestry label to title
fixes #4423 - allow puppet classes to be imported by environment
fixes #3912 - add inheritance for locations / organizations
fixes #3658 - support smart proxy's chef proxy feature
fixes #3930 - refactoring of edit_self implementation.
fixes #3280 - authenticate returns true for API requests when login:false
fixes #3312 - support /users/extlogin as a login page based on REMOTE_USER
fixes #1830 - auto assign puppet proxy if its not defined upon facts/reports event
fixes #2741 - rails 3 syntax
fixes #3141: SmartPrpxyAuth no longer calls #render_403 method defined in ApplicationController
fixes #2969 - remove all legacy api code in UI controllers, add deprecation response
fixes #2988 - merge authentication code, enables REMOTE_USER auth on new API controllers
fixes #2877: deletion of the organization or location in the context no longer breaks the session
fixes #2411 - move to controller/concerns
fixes #2739 - add ActiveSupport::Concern syntax to mixins