Bump rails

Dennis Schubert 2016-01-26 14:28:02 +01:00
parent c04ee239c6
commit 33af30529a
3 changed files with 42 additions and 33 deletions


@ -1,5 +1,14 @@
# 0.5.6.2 # 0.5.6.2
* Fix [CVE-2016-0751](https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc) - Possible Object Leak and Denial of Service attack in Action Pack
* Fix [CVE-2015-7581](https://groups.google.com/forum/#!topic/rubyonrails-security/dthJ5wL69JE) - Object leak vulnerability for wildcard controller routes in Action Pack
* Fix [CVE-2015-7576](https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k) - Timing attack vulnerability in basic authentication in Action Controller
* Fix [CVE-2016-0752](https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00) - Possible Information Leak Vulnerability in Action View
* Fix [CVE-2016-0753](https://groups.google.com/forum/#!topic/rubyonrails-security/6jQVC1geukQ) - Possible Input Validation Circumvention in Active Model
* Fix [CVE-2015-7577](https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g) - Nested attributes rejection proc bypass in Active Record
* Fix [CVE-2015-7579](https://groups.google.com/forum/#!topic/rubyonrails-security/OU9ugTZcbjc) - XSS vulnerability in rails-html-sanitizer
* Fix [CVE-2015-7578](https://groups.google.com/forum/#!topic/rubyonrails-security/uh--W4TDwmI) - Possible XSS vulnerability in rails-html-sanitizer
# 0.5.6.1 # 0.5.6.1
* Fix Nokogiri CVE-2015-7499 * Fix Nokogiri CVE-2015-7499


@ -1,6 +1,6 @@
source "https://rubygems.org" source "https://rubygems.org"
gem "rails", "4.2.5" gem "rails", "4.2.5.1"
# Legacy Rails features, remove me! # Legacy Rails features, remove me!
# responders (class level) # responders (class level)


@ -3,40 +3,40 @@ GEM
remote: https://rails-assets.org/ remote: https://rails-assets.org/
specs: specs:
CFPropertyList (2.3.2) CFPropertyList (2.3.2)
actionmailer (4.2.5) actionmailer (4.2.5.1)
actionpack (= 4.2.5) actionpack (= 4.2.5.1)
actionview (= 4.2.5) actionview (= 4.2.5.1)
activejob (= 4.2.5) activejob (= 4.2.5.1)
mail (~> 2.5, >= 2.5.4) mail (~> 2.5, >= 2.5.4)
rails-dom-testing (~> 1.0, >= 1.0.5) rails-dom-testing (~> 1.0, >= 1.0.5)
actionpack (4.2.5) actionpack (4.2.5.1)
actionview (= 4.2.5) actionview (= 4.2.5.1)
activesupport (= 4.2.5) activesupport (= 4.2.5.1)
rack (~> 1.6) rack (~> 1.6)
rack-test (~> 0.6.2) rack-test (~> 0.6.2)
rails-dom-testing (~> 1.0, >= 1.0.5) rails-dom-testing (~> 1.0, >= 1.0.5)
rails-html-sanitizer (~> 1.0, >= 1.0.2) rails-html-sanitizer (~> 1.0, >= 1.0.2)
actionview (4.2.5) actionview (4.2.5.1)
activesupport (= 4.2.5) activesupport (= 4.2.5.1)
builder (~> 3.1) builder (~> 3.1)
erubis (~> 2.7.0) erubis (~> 2.7.0)
rails-dom-testing (~> 1.0, >= 1.0.5) rails-dom-testing (~> 1.0, >= 1.0.5)
rails-html-sanitizer (~> 1.0, >= 1.0.2) rails-html-sanitizer (~> 1.0, >= 1.0.2)
active_model_serializers (0.9.3) active_model_serializers (0.9.3)
activemodel (>= 3.2) activemodel (>= 3.2)
activejob (4.2.5) activejob (4.2.5.1)
activesupport (= 4.2.5) activesupport (= 4.2.5.1)
globalid (>= 0.3.0) globalid (>= 0.3.0)
activemodel (4.2.5) activemodel (4.2.5.1)
activesupport (= 4.2.5) activesupport (= 4.2.5.1)
builder (~> 3.1) builder (~> 3.1)
activerecord (4.2.5) activerecord (4.2.5.1)
activemodel (= 4.2.5) activemodel (= 4.2.5.1)
activesupport (= 4.2.5) activesupport (= 4.2.5.1)
arel (~> 6.0) arel (~> 6.0)
activerecord-import (0.10.0) activerecord-import (0.10.0)
activerecord (>= 3.0) activerecord (>= 3.0)
activesupport (4.2.5) activesupport (4.2.5.1)
i18n (~> 0.7) i18n (~> 0.7)
json (~> 1.7, >= 1.7.7) json (~> 1.7, >= 1.7.7)
minitest (~> 5.1) minitest (~> 5.1)
@ -445,7 +445,7 @@ GEM
mime-types (2.99) mime-types (2.99)
mini_magick (4.3.6) mini_magick (4.3.6)
mini_portile2 (2.0.0) mini_portile2 (2.0.0)
minitest (5.8.3) minitest (5.8.4)
mobile-fu (1.3.1) mobile-fu (1.3.1)
rack-mobile-detect rack-mobile-detect
rails rails
@ -526,16 +526,16 @@ GEM
rack rack
rack-test (0.6.3) rack-test (0.6.3)
rack (>= 1.0) rack (>= 1.0)
rails (4.2.5) rails (4.2.5.1)
actionmailer (= 4.2.5) actionmailer (= 4.2.5.1)
actionpack (= 4.2.5) actionpack (= 4.2.5.1)
actionview (= 4.2.5) actionview (= 4.2.5.1)
activejob (= 4.2.5) activejob (= 4.2.5.1)
activemodel (= 4.2.5) activemodel (= 4.2.5.1)
activerecord (= 4.2.5) activerecord (= 4.2.5.1)
activesupport (= 4.2.5) activesupport (= 4.2.5.1)
bundler (>= 1.3.0, < 2.0) bundler (>= 1.3.0, < 2.0)
railties (= 4.2.5) railties (= 4.2.5.1)
sprockets-rails sprockets-rails
rails-assets-diaspora_jsxc (0.1.4) rails-assets-diaspora_jsxc (0.1.4)
rails-assets-favico.js (~> 0.3.9) rails-assets-favico.js (~> 0.3.9)
@ -578,7 +578,7 @@ GEM
activesupport (>= 4.2.0.beta, < 5.0) activesupport (>= 4.2.0.beta, < 5.0)
nokogiri (~> 1.6.0) nokogiri (~> 1.6.0)
rails-deprecated_sanitizer (>= 1.0.1) rails-deprecated_sanitizer (>= 1.0.1)
rails-html-sanitizer (1.0.2) rails-html-sanitizer (1.0.3)
loofah (~> 2.0) loofah (~> 2.0)
rails-i18n (4.0.8) rails-i18n (4.0.8)
i18n (~> 0.7) i18n (~> 0.7)
@ -600,9 +600,9 @@ GEM
remotipart (~> 1.0) remotipart (~> 1.0)
safe_yaml (~> 1.0) safe_yaml (~> 1.0)
sass-rails (>= 4.0, < 6) sass-rails (>= 4.0, < 6)
railties (4.2.5) railties (4.2.5.1)
actionpack (= 4.2.5) actionpack (= 4.2.5.1)
activesupport (= 4.2.5) activesupport (= 4.2.5.1)
rake (>= 0.8.7) rake (>= 0.8.7)
thor (>= 0.18.1, < 2.0) thor (>= 0.18.1, < 2.0)
rainbow (2.0.0) rainbow (2.0.0)
@ -847,7 +847,7 @@ DEPENDENCIES
rack-protection (= 1.5.3) rack-protection (= 1.5.3)
rack-rewrite (= 1.5.1) rack-rewrite (= 1.5.1)
rack-ssl (= 1.4.1) rack-ssl (= 1.4.1)
rails (= 4.2.5) rails (= 4.2.5.1)
rails-assets-diaspora_jsxc (~> 0.1.4)! rails-assets-diaspora_jsxc (~> 0.1.4)!
rails-assets-highlightjs (= 9.0.0)! rails-assets-highlightjs (= 9.0.0)!
rails-assets-jakobmattsson--jquery-elastic (= 1.6.11)! rails-assets-jakobmattsson--jquery-elastic (= 1.6.11)!