diff --git a/Changelog.md b/Changelog.md
index 0f87e5d58..980115556 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -9,6 +9,11 @@
 ## Features
 * Keyboard shortcuts now do work on profile pages as well [#6647](https://github.com/diaspora/diaspora/pull/6647/files)
+# 0.5.6.1
+
+* Fix Nokogiri CVE-2015-7499
+* Fix unsafe "Remember me" cookies in Devise
+
 # 0.5.6.0
 ## Refactor
diff --git a/Gemfile b/Gemfile
index d8d87cda4..ba6a6c23b 100644
--- a/Gemfile
+++ b/Gemfile
@@ -22,7 +22,7 @@ gem "json-schema", "2.5.2"
 # Authentication
-gem "devise", "3.5.3"
+gem "devise", "3.5.4"
 gem "devise_lastseenable", "0.0.6"
 gem "devise-token_authenticatable", "~> 0.4.0"
@@ -126,7 +126,7 @@ gem "messagebus_ruby_api", "1.0.3"
 # Parsing
-gem "nokogiri", "1.6.7.1"
+gem "nokogiri", "1.6.7.2"
 gem "redcarpet", "3.3.4"
 gem "twitter-text", "1.13.0"
 gem "roxml", "3.1.6"
diff --git a/Gemfile.lock b/Gemfile.lock
index 98bdfe3d1..7d148441b 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -131,7 +131,7 @@ GEM
 nokogiri (~> 1.5)
 rails (>= 3, < 5)
 database_cleaner (1.5.1)
- devise (3.5.3)
+ devise (3.5.4)
 bcrypt (~> 3.0)
 orm_adapter (~> 0.1)
 railties (>= 3.2.6, < 5)
@@ -458,7 +458,7 @@ GEM
 nenv (0.2.0)
 nested_form (0.3.2)
 nio4r (1.2.0)
- nokogiri (1.6.7.1)
+ nokogiri (1.6.7.2)
 mini_portile2 (~> 2.0.0.rc2)
 notiffany (0.0.8)
 nenv (~> 0.1)
@@ -607,7 +607,7 @@ GEM
 thor (>= 0.18.1, < 2.0)
 rainbow (2.0.0)
 raindrops (0.15.0)
- rake (10.4.2)
+ rake (10.5.0)
 rb-fsevent (0.9.6)
 rb-inotify (0.9.5)
 ffi (>= 0.5.0)
@@ -788,7 +788,7 @@ DEPENDENCIES
 configurate (= 0.3.1)
 cucumber-rails (= 1.4.2)
 database_cleaner (= 1.5.1)
- devise (= 3.5.3)
+ devise (= 3.5.4)
 devise-token_authenticatable (~> 0.4.0)
 devise_lastseenable (= 0.0.6)
 diaspora-vines (~> 0.2.0.develop)
@@ -830,7 +830,7 @@ DEPENDENCIES
 minitest
 mobile-fu (= 1.3.1)
 mysql2 (= 0.3.20)
- nokogiri (= 1.6.7.1)
+ nokogiri (= 1.6.7.2)
 omniauth (= 1.3.1)
 omniauth-facebook (= 3.0.0)
 omniauth-tumblr (= 1.2)