diff --git a/Changelog.md b/Changelog.md
index 77d3a4f78..6a2cd5bee 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -110,6 +110,11 @@ Contributions are very welcome, the hard work is done!
 ## Features
 * Keyboard shortcuts now do work on profile pages as well [#6647](https://github.com/diaspora/diaspora/pull/6647/files)
 
+# 0.5.6.1
+
+* Fix Nokogiri CVE-2015-7499
+* Fix unsafe "Remember me" cookies in Devise
+
 # 0.5.6.0
 
 ## Refactor
diff --git a/Gemfile b/Gemfile
index 0d2601997..63e247471 100644
--- a/Gemfile
+++ b/Gemfile
@@ -22,7 +22,7 @@ gem "json-schema", "2.5.2"
 
 # Authentication
 
-gem "devise", "3.5.3"
+gem "devise", "3.5.4"
 gem "devise_lastseenable", "0.0.6"
 gem "devise-token_authenticatable", "~> 0.4.0"
 
@@ -133,7 +133,7 @@ gem "leaflet-rails", "0.7.4"
 
 # Parsing
 
-gem "nokogiri", "1.6.7.1"
+gem "nokogiri", "1.6.7.2"
 gem "redcarpet", "3.3.4"
 gem "twitter-text", "1.13.0"
 gem "roxml", "3.1.6"
diff --git a/Gemfile.lock b/Gemfile.lock
index 6b7550912..d18cdeede 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -139,7 +139,7 @@ GEM
 nokogiri (~> 1.5)
 rails (>= 3, < 5)
 database_cleaner (1.5.1)
- devise (3.5.3)
+ devise (3.5.4)
 bcrypt (~> 3.0)
 orm_adapter (~> 0.1)
 railties (>= 3.2.6, < 5)
@@ -486,7 +486,7 @@ GEM
 nenv (0.2.0)
 nested_form (0.3.2)
 nio4r (1.2.0)
- nokogiri (1.6.7.1)
+ nokogiri (1.6.7.2)
 mini_portile2 (~> 2.0.0.rc2)
 notiffany (0.0.8)
 nenv (~> 0.1)
@@ -676,7 +676,7 @@ GEM
 thor (>= 0.18.1, < 2.0)
 rainbow (2.0.0)
 raindrops (0.15.0)
- rake (10.4.2)
+ rake (10.5.0)
 rb-fsevent (0.9.6)
 rb-inotify (0.9.5)
 ffi (>= 0.5.0)
@@ -891,7 +891,7 @@ DEPENDENCIES
 cucumber-api-steps (= 0.13)
 cucumber-rails (= 1.4.2)
 database_cleaner (= 1.5.1)
- devise (= 3.5.3)
+ devise (= 3.5.4)
 devise-token_authenticatable (~> 0.4.0)
 devise_lastseenable (= 0.0.6)
 diaspora-vines (~> 0.2.0.develop)
@@ -935,7 +935,7 @@ DEPENDENCIES
 minitest
 mobile-fu (= 1.3.1)
 mysql2 (= 0.3.20)
- nokogiri (= 1.6.7.1)
+ nokogiri (= 1.6.7.2)
 omniauth (= 1.3.1)
 omniauth-facebook (= 3.0.0)
 omniauth-tumblr (= 1.2)