From 64a780c831d21da11f66cae5f8d8bad06fc7618d Mon Sep 17 00:00:00 2001
From: Dennis Schubert
Date: Thu, 21 Jan 2016 20:42:33 +0100
Subject: [PATCH 1/3] Prepare 0.5.6.1 hotfix
---
 Changelog.md | 2 ++
 config/defaults.yml | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/Changelog.md b/Changelog.md
index 83e92340c..0acf6bbc8 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -1,3 +1,5 @@
+# 0.5.6.1
+
 # 0.5.6.0
 ## Refactor
diff --git a/config/defaults.yml b/config/defaults.yml
index fe8d32205..6e6a46f7d 100644
--- a/config/defaults.yml
+++ b/config/defaults.yml
@@ -4,7 +4,7 @@ defaults:
 version:
- number: "0.5.6.0" # Do not touch unless doing a release, do not backport the version number that's in master
+ number: "0.5.6.1" # Do not touch unless doing a release, do not backport the version number that's in master
 heroku: false
 environment:
 url: "http://localhost:3000/"
From f7d42fa83dbaffd52ee077ef02b2b500db6dbb40 Mon Sep 17 00:00:00 2001
From: Dennis Schubert
Date: Thu, 21 Jan 2016 20:47:54 +0100
Subject: [PATCH 2/3] Bump nokogiri
---
 Changelog.md | 2 ++
 Gemfile | 2 +-
 Gemfile.lock | 4 ++--
 3 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/Changelog.md b/Changelog.md
index 0acf6bbc8..bc877e4c5 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -1,5 +1,7 @@
 # 0.5.6.1
+* Fix Nokogiri CVE-2015-7499
+
 # 0.5.6.0
 ## Refactor
diff --git a/Gemfile b/Gemfile
index 2351ff5da..ed7ee745d 100644
--- a/Gemfile
+++ b/Gemfile
@@ -126,7 +126,7 @@ gem "messagebus_ruby_api", "1.0.3"
 # Parsing
-gem "nokogiri", "1.6.7.1"
+gem "nokogiri", "1.6.7.2"
 gem "redcarpet", "3.3.4"
 gem "twitter-text", "1.13.0"
 gem "roxml", "3.1.6"
diff --git a/Gemfile.lock b/Gemfile.lock
index f55ff7696..3cd8b60fb 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -458,7 +458,7 @@ GEM
 nenv (0.2.0)
 nested_form (0.3.2)
 nio4r (1.2.0)
- nokogiri (1.6.7.1)
+ nokogiri (1.6.7.2)
 mini_portile2 (~> 2.0.0.rc2)
 notiffany (0.0.8)
 nenv (~> 0.1)
@@ -830,7 +830,7 @@ DEPENDENCIES
 minitest
 mobile-fu (= 1.3.1)
 mysql2 (= 0.3.20)
- nokogiri (= 1.6.7.1)
+ nokogiri (= 1.6.7.2)
 omniauth (= 1.3.1)
 omniauth-facebook (= 3.0.0)
 omniauth-tumblr (= 1.2)
From a8008571b3a171163050c0f648070a05b6617a5c Mon Sep 17 00:00:00 2001
From: Dennis Schubert
Date: Thu, 21 Jan 2016 20:55:46 +0100
Subject: [PATCH 3/3] Bump devise
---
 Changelog.md | 1 +
 Gemfile | 2 +-
 Gemfile.lock | 6 +++---
 3 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/Changelog.md b/Changelog.md
index bc877e4c5..c6bb6cd75 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -1,6 +1,7 @@
 # 0.5.6.1
 * Fix Nokogiri CVE-2015-7499
+* Fix unsafe "Remember me" cookies in Devise
 # 0.5.6.0
diff --git a/Gemfile b/Gemfile
index ed7ee745d..1c19b22ce 100644
--- a/Gemfile
+++ b/Gemfile
@@ -22,7 +22,7 @@ gem "json-schema", "2.5.2"
 # Authentication
-gem "devise", "3.5.3"
+gem "devise", "3.5.4"
 gem "devise_lastseenable", "0.0.6"
 gem "devise-token_authenticatable", "~> 0.4.0"
diff --git a/Gemfile.lock b/Gemfile.lock
index 3cd8b60fb..44908d837 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -131,7 +131,7 @@ GEM
 nokogiri (~> 1.5)
 rails (>= 3, < 5)
 database_cleaner (1.5.1)
- devise (3.5.3)
+ devise (3.5.4)
 bcrypt (~> 3.0)
 orm_adapter (~> 0.1)
 railties (>= 3.2.6, < 5)
@@ -607,7 +607,7 @@ GEM
 thor (>= 0.18.1, < 2.0)
 rainbow (2.0.0)
 raindrops (0.15.0)
- rake (10.4.2)
+ rake (10.5.0)
 rb-fsevent (0.9.6)
 rb-inotify (0.9.5)
 ffi (>= 0.5.0)
@@ -788,7 +788,7 @@ DEPENDENCIES
 configurate (= 0.3.1)
 cucumber-rails (= 1.4.2)
 database_cleaner (= 1.5.1)
- devise (= 3.5.3)
+ devise (= 3.5.4)
 devise-token_authenticatable (~> 0.4.0)
 devise_lastseenable (= 0.0.6)
 diaspora-vines (~> 0.2.0.develop)