Merge branch 'hotfix/0.6.4.1'

2017-03-29 22:29:22 +02:00 · 2017-03-29 22:29:22 +02:00 · 2b32e9b592
commit 2b32e9b592
parent a9c282d986 610f39e991
4 changed files with 8 additions and 4 deletions
--- a/Changelog.md
+++ b/Changelog.md
@ -1,3 +1,7 @@
 # 0.6.4.1
 Fixes a possible Remote Code Execution ([CVE-2016-4658](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658)) and a possible DoS ([CVE-2016-5131](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131)) by updating Nokogiri, which in turn updates libxml2.
 # 0.6.4.0
 ## Refactor
--- a/2
+++ b/2
@ -132,7 +132,7 @@ gem "leaflet-rails",       "0.7.7"
 # Parsing
-gem "nokogiri",          "1.7.0.1"
+gem "nokogiri",          "1.7.1"
 gem "open_graph_reader", "0.6.2" # also update User-Agent in features/support/webmock.rb
 gem "redcarpet",         "3.4.0"
 gem "ruby-oembed",       "0.10.1"
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -395,7 +395,7 @@ GEM
    nenv (0.3.0)
    nested_form (0.3.2)
    nio4r (2.0.0)
-    nokogiri (1.7.0.1)
+    nokogiri (1.7.1)
      mini_portile2 (~> 2.1.0)
    notiffany (0.1.1)
      nenv (~> 0.1)
@ -845,7 +845,7 @@ DEPENDENCIES
  minitest
  mobile-fu (= 1.3.1)
  mysql2 (= 0.4.5)
-  nokogiri (= 1.7.0.1)
+  nokogiri (= 1.7.1)
  omniauth (= 1.4.2)
  omniauth-facebook (= 4.0.0)
  omniauth-tumblr (= 1.2)
--- a/config/defaults.yml
+++ b/config/defaults.yml
@ -4,7 +4,7 @@
 defaults:
  version:
-    number: "0.6.4.0" # Do not touch unless doing a release, do not backport the version number that's in master
+    number: "0.6.4.1" # Do not touch unless doing a release, do not backport the version number that's in master
  heroku: false
  environment:
    url: "http://localhost:3000/"