Merge branch 'hotfix/0.0.2.5'
2f5ef39e1a
4 changed files with 41 additions and 35 deletions
|
|
@ -1,3 +1,9 @@
|
||||||
|
# 0.0.2.5
|
||||||
|
|
||||||
|
* Fix CVE-2013-0269 by updating the gems json to 1.7.7 and multi\_json to 1.5.1. [Read more](https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_YvCpLzL58)
|
||||||
|
* Additionally ensure can't affect us by bumping Rails to 3.2.12. [Read more](https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/AFBKNY7VSH8)
|
||||||
|
* And exclude CVE-2013-0262 and CVE-2013-0263 by updating rack to 1.4.5.
|
||||||
|
|
||||||
# 0.0.2.4
|
# 0.0.2.4
|
||||||
|
|
||||||
* Fix XSS vulnerabilities caused by not escaping a users name fields when loading it from JSON. [#3948](https://github.com/diaspora/diaspora/issues/3948)
|
* Fix XSS vulnerabilities caused by not escaping a users name fields when loading it from JSON. [#3948](https://github.com/diaspora/diaspora/issues/3948)
|
||||||
|
|
|
||||||
4
Gemfile
4
Gemfile
|
|
@ -1,6 +1,6 @@
|
||||||
source 'http://rubygems.org'
|
source 'http://rubygems.org'
|
||||||
|
|
||||||
gem 'rails', '3.2.11'
|
gem 'rails', '3.2.12'
|
||||||
|
|
||||||
gem 'foreman', '0.60.2'
|
gem 'foreman', '0.60.2'
|
||||||
|
|
||||||
|
|
@ -63,7 +63,7 @@ gem 'mini_magick', '3.4'
|
||||||
|
|
||||||
# JSON and API
|
# JSON and API
|
||||||
|
|
||||||
gem 'json', '1.7.5'
|
gem 'json', '1.7.7'
|
||||||
gem 'acts_as_api', '0.4.1 '
|
gem 'acts_as_api', '0.4.1 '
|
||||||
|
|
||||||
# localization
|
# localization
|
||||||
|
|
|
||||||
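Review bot: The changelog hunk in this commit states that multi_json was updated to 1.5.1 for CVE-2013-0269, but neither Gemfile hunk adds a multi_json declaration; the new version appears only in Gemfile.lock, where `multi_json (1.5.0)` becomes `multi_json (1.5.1)` and is reached through the loose `multi_json (~> 1.0)` and `multi_json (>= 1.0)` constraints of activesupport and jwt. If the Gemfile does not pin multi_json somewhere outside these hunks, the fix rests on the lockfile alone, and any resolve that does not honour the lock may legitimately select 1.5.0 again. Declaring the floor explicitly next to the json pin, `gem 'multi_json', '>= 1.5.1'`, makes the minimum part of the declared dependencies rather than an artefact of resolution. As an aside on the unchanged context line, `source 'http://rubygems.org'` fetches gems over plain HTTP; switching it to `source 'https://rubygems.org'` removes an in-transit tampering risk that this security release otherwise leaves in place.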
64
Gemfile.lock
64
Gemfile.lock
|
|
@ -17,34 +17,34 @@ GIT
|
||||||
GEM
|
GEM
|
||||||
remote: http://rubygems.org/
|
remote: http://rubygems.org/
|
||||||
specs:
|
specs:
|
||||||
actionmailer (3.2.11)
|
actionmailer (3.2.12)
|
||||||
actionpack (= 3.2.11)
|
actionpack (= 3.2.12)
|
||||||
mail (~> 2.4.4)
|
mail (~> 2.4.4)
|
||||||
actionpack (3.2.11)
|
actionpack (3.2.12)
|
||||||
activemodel (= 3.2.11)
|
activemodel (= 3.2.12)
|
||||||
activesupport (= 3.2.11)
|
activesupport (= 3.2.12)
|
||||||
builder (~> 3.0.0)
|
builder (~> 3.0.0)
|
||||||
erubis (~> 2.7.0)
|
erubis (~> 2.7.0)
|
||||||
journey (~> 1.0.4)
|
journey (~> 1.0.4)
|
||||||
rack (~> 1.4.0)
|
rack (~> 1.4.5)
|
||||||
rack-cache (~> 1.2)
|
rack-cache (~> 1.2)
|
||||||
rack-test (~> 0.6.1)
|
rack-test (~> 0.6.1)
|
||||||
sprockets (~> 2.2.1)
|
sprockets (~> 2.2.1)
|
||||||
activemodel (3.2.11)
|
activemodel (3.2.12)
|
||||||
activesupport (= 3.2.11)
|
activesupport (= 3.2.12)
|
||||||
builder (~> 3.0.0)
|
builder (~> 3.0.0)
|
||||||
activerecord (3.2.11)
|
activerecord (3.2.12)
|
||||||
activemodel (= 3.2.11)
|
activemodel (= 3.2.12)
|
||||||
activesupport (= 3.2.11)
|
activesupport (= 3.2.12)
|
||||||
arel (~> 3.0.2)
|
arel (~> 3.0.2)
|
||||||
tzinfo (~> 0.3.29)
|
tzinfo (~> 0.3.29)
|
||||||
activerecord-import (0.2.11)
|
activerecord-import (0.2.11)
|
||||||
activerecord (~> 3.0)
|
activerecord (~> 3.0)
|
||||||
activerecord (~> 3.0)
|
activerecord (~> 3.0)
|
||||||
activeresource (3.2.11)
|
activeresource (3.2.12)
|
||||||
activemodel (= 3.2.11)
|
activemodel (= 3.2.12)
|
||||||
activesupport (= 3.2.11)
|
activesupport (= 3.2.12)
|
||||||
activesupport (3.2.11)
|
activesupport (3.2.12)
|
||||||
i18n (~> 0.6)
|
i18n (~> 0.6)
|
||||||
multi_json (~> 1.0)
|
multi_json (~> 1.0)
|
||||||
acts-as-taggable-on (2.3.3)
|
acts-as-taggable-on (2.3.3)
|
||||||
|
|
@ -208,7 +208,7 @@ GEM
|
||||||
jquery-rails
|
jquery-rails
|
||||||
railties (>= 3.1.0)
|
railties (>= 3.1.0)
|
||||||
jruby-pageant (1.1.1)
|
jruby-pageant (1.1.1)
|
||||||
json (1.7.5)
|
json (1.7.7)
|
||||||
jwt (0.1.5)
|
jwt (0.1.5)
|
||||||
multi_json (>= 1.0)
|
multi_json (>= 1.0)
|
||||||
kaminari (0.14.1)
|
kaminari (0.14.1)
|
||||||
|
|
@ -225,13 +225,13 @@ GEM
|
||||||
treetop (~> 1.4.8)
|
treetop (~> 1.4.8)
|
||||||
messagebus_ruby_api (1.0.3)
|
messagebus_ruby_api (1.0.3)
|
||||||
method_source (0.8.1)
|
method_source (0.8.1)
|
||||||
mime-types (1.19)
|
mime-types (1.21)
|
||||||
mini_magick (3.4)
|
mini_magick (3.4)
|
||||||
subexec (~> 0.2.1)
|
subexec (~> 0.2.1)
|
||||||
mobile-fu (1.1.0)
|
mobile-fu (1.1.0)
|
||||||
rack-mobile-detect
|
rack-mobile-detect
|
||||||
rails
|
rails
|
||||||
multi_json (1.5.0)
|
multi_json (1.5.1)
|
||||||
multipart-post (1.1.5)
|
multipart-post (1.1.5)
|
||||||
mysql2 (0.3.11)
|
mysql2 (0.3.11)
|
||||||
nested_form (0.2.3)
|
nested_form (0.2.3)
|
||||||
|
|
@ -273,7 +273,7 @@ GEM
|
||||||
coderay (~> 1.0.5)
|
coderay (~> 1.0.5)
|
||||||
method_source (~> 0.8)
|
method_source (~> 0.8)
|
||||||
slop (~> 3.3.1)
|
slop (~> 3.3.1)
|
||||||
rack (1.4.4)
|
rack (1.4.5)
|
||||||
rack-cache (1.2)
|
rack-cache (1.2)
|
||||||
rack (>= 0.4)
|
rack (>= 0.4)
|
||||||
rack-cors (0.2.7)
|
rack-cors (0.2.7)
|
||||||
|
|
@ -292,14 +292,14 @@ GEM
|
||||||
rack
|
rack
|
||||||
rack-test (0.6.2)
|
rack-test (0.6.2)
|
||||||
rack (>= 1.0)
|
rack (>= 1.0)
|
||||||
rails (3.2.11)
|
rails (3.2.12)
|
||||||
actionmailer (= 3.2.11)
|
actionmailer (= 3.2.12)
|
||||||
actionpack (= 3.2.11)
|
actionpack (= 3.2.12)
|
||||||
activerecord (= 3.2.11)
|
activerecord (= 3.2.12)
|
||||||
activeresource (= 3.2.11)
|
activeresource (= 3.2.12)
|
||||||
activesupport (= 3.2.11)
|
activesupport (= 3.2.12)
|
||||||
bundler (~> 1.0)
|
bundler (~> 1.0)
|
||||||
railties (= 3.2.11)
|
railties (= 3.2.12)
|
||||||
rails-i18n (0.7.0)
|
rails-i18n (0.7.0)
|
||||||
i18n (~> 0.5)
|
i18n (~> 0.5)
|
||||||
rails_admin (0.2.0)
|
rails_admin (0.2.0)
|
||||||
|
|
@ -318,9 +318,9 @@ GEM
|
||||||
sass-rails (~> 3.1)
|
sass-rails (~> 3.1)
|
||||||
rails_autolink (1.0.9)
|
rails_autolink (1.0.9)
|
||||||
rails (~> 3.1)
|
rails (~> 3.1)
|
||||||
railties (3.2.11)
|
railties (3.2.12)
|
||||||
actionpack (= 3.2.11)
|
actionpack (= 3.2.12)
|
||||||
activesupport (= 3.2.11)
|
activesupport (= 3.2.12)
|
||||||
rack-ssl (~> 1.3.2)
|
rack-ssl (~> 1.3.2)
|
||||||
rake (>= 0.8.7)
|
rake (>= 0.8.7)
|
||||||
rdoc (~> 3.4)
|
rdoc (~> 3.4)
|
||||||
|
|
@ -330,7 +330,7 @@ GEM
|
||||||
rb-fsevent (0.9.2)
|
rb-fsevent (0.9.2)
|
||||||
rb-inotify (0.8.8)
|
rb-inotify (0.8.8)
|
||||||
ffi (>= 0.5.0)
|
ffi (>= 0.5.0)
|
||||||
rdoc (3.12)
|
rdoc (3.12.1)
|
||||||
json (~> 1.4)
|
json (~> 1.4)
|
||||||
redcarpet (2.2.2)
|
redcarpet (2.2.2)
|
||||||
redis (3.0.2)
|
redis (3.0.2)
|
||||||
|
|
@ -456,7 +456,7 @@ DEPENDENCIES
|
||||||
i18n-inflector-rails (~> 1.0)
|
i18n-inflector-rails (~> 1.0)
|
||||||
jasmine (= 1.2.1)
|
jasmine (= 1.2.1)
|
||||||
jquery-rails (= 2.1.3)
|
jquery-rails (= 2.1.3)
|
||||||
json (= 1.7.5)
|
json (= 1.7.7)
|
||||||
markerb!
|
markerb!
|
||||||
messagebus_ruby_api (= 1.0.3)
|
messagebus_ruby_api (= 1.0.3)
|
||||||
mini_magick (= 3.4)
|
mini_magick (= 3.4)
|
||||||
|
|
@ -473,7 +473,7 @@ DEPENDENCIES
|
||||||
rack-protection (= 1.2)
|
rack-protection (= 1.2)
|
||||||
rack-rewrite (= 1.3.1)
|
rack-rewrite (= 1.3.1)
|
||||||
rack-ssl (= 1.3.2)
|
rack-ssl (= 1.3.2)
|
||||||
rails (= 3.2.11)
|
rails (= 3.2.12)
|
||||||
rails-i18n (= 0.7.0)
|
rails-i18n (= 0.7.0)
|
||||||
rails_admin (= 0.2.0)
|
rails_admin (= 0.2.0)
|
||||||
rails_autolink (= 1.0.9)
|
rails_autolink (= 1.0.9)
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,7 @@
|
||||||
|
|
||||||
defaults:
|
defaults:
|
||||||
version:
|
version:
|
||||||
number: "0.0.2.4"
|
number: "0.0.2.5"
|
||||||
release: true # Do not touch unless in a merge conflict on doing a release, master should have a commit setting this to true which is not backported to the develop branch.
|
release: true # Do not touch unless in a merge conflict on doing a release, master should have a commit setting this to true which is not backported to the develop branch.
|
||||||
heroku: false
|
heroku: false
|
||||||
environment:
|
environment:
|
||||||
|
|
|
||||||