Merge branch 'hotfix/0.0.2.5' into develop
Conflicts: Changelog.md Gemfile.lock config/defaults.yml
commit
ad4ba363a9
3 changed files with 40 additions and 34 deletions
|
|
@ -100,6 +100,12 @@
|
|||
* ffi 1.1.5 -> 1.3.1
|
||||
* configurate 0.0.1 -> 0.0.2
|
||||
|
||||
# 0.0.2.5
|
||||
|
||||
* Fix CVE-2013-0269 by updating the gems json to 1.7.7 and multi\_json to 1.5.1. [Read more](https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_YvCpLzL58)
|
||||
* Additionally ensure can't affect us by bumping Rails to 3.2.12. [Read more](https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/AFBKNY7VSH8)
|
||||
* And exclude CVE-2013-0262 and CVE-2013-0263 by updating rack to 1.4.5.
|
||||
|
||||
# 0.0.2.4
|
||||
|
||||
* Fix XSS vulnerabilities caused by not escaping a users name fields when loading it from JSON. [#3948](https://github.com/diaspora/diaspora/issues/3948)
|
||||
|
|
|
|||
4
Gemfile
|
|
@ -1,6 +1,6 @@
|
|||
source 'http://rubygems.org'
|
||||
|
||||
gem 'rails', '3.2.11'
|
||||
gem 'rails', '3.2.12'
|
||||
|
||||
gem 'foreman', '0.61'
|
||||
|
||||
|
|
@ -66,7 +66,7 @@ gem 'mini_magick', '3.4'
|
|||
|
||||
# JSON and API
|
||||
|
||||
gem 'json', '1.7.5'
|
||||
gem 'json', '1.7.7'
|
||||
gem 'acts_as_api', '0.4.1 '
|
||||
|
||||
# localization
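Review bot: The `source 'http://rubygems.org'` line at the top of this Gemfile still fetches every gem over plain HTTP, and that includes the `rails` 3.2.12 and `json` 1.7.7 releases this hotfix pulls in for their security fixes. It is unchanged context rather than part of the merge, but a security update delivered over an unauthenticated channel has no transport-level integrity protection, so a tampered package could be installed in place of the patched one. I would switch it to `source 'https://rubygems.org'` in the same release; the `remote:` entry in Gemfile.lock would then follow on the next `bundle install`. The exact pins in the Gemfile and lockfile fix versions only, not content, so they do not cover this.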
|
||||
|
|
|
|||
64
Gemfile.lock
|
|
@ -10,34 +10,34 @@ GIT
|
|||
GEM
|
||||
remote: http://rubygems.org/
|
||||
specs:
|
||||
actionmailer (3.2.11)
|
||||
actionpack (= 3.2.11)
|
||||
actionmailer (3.2.12)
|
||||
actionpack (= 3.2.12)
|
||||
mail (~> 2.4.4)
|
||||
actionpack (3.2.11)
|
||||
activemodel (= 3.2.11)
|
||||
activesupport (= 3.2.11)
|
||||
actionpack (3.2.12)
|
||||
activemodel (= 3.2.12)
|
||||
activesupport (= 3.2.12)
|
||||
builder (~> 3.0.0)
|
||||
erubis (~> 2.7.0)
|
||||
journey (~> 1.0.4)
|
||||
rack (~> 1.4.0)
|
||||
rack (~> 1.4.5)
|
||||
rack-cache (~> 1.2)
|
||||
rack-test (~> 0.6.1)
|
||||
sprockets (~> 2.2.1)
|
||||
activemodel (3.2.11)
|
||||
activesupport (= 3.2.11)
|
||||
activemodel (3.2.12)
|
||||
activesupport (= 3.2.12)
|
||||
builder (~> 3.0.0)
|
||||
activerecord (3.2.11)
|
||||
activemodel (= 3.2.11)
|
||||
activesupport (= 3.2.11)
|
||||
activerecord (3.2.12)
|
||||
activemodel (= 3.2.12)
|
||||
activesupport (= 3.2.12)
|
||||
arel (~> 3.0.2)
|
||||
tzinfo (~> 0.3.29)
|
||||
activerecord-import (0.2.11)
|
||||
activerecord (~> 3.0)
|
||||
activerecord (~> 3.0)
|
||||
activeresource (3.2.11)
|
||||
activemodel (= 3.2.11)
|
||||
activesupport (= 3.2.11)
|
||||
activesupport (3.2.11)
|
||||
activeresource (3.2.12)
|
||||
activemodel (= 3.2.12)
|
||||
activesupport (= 3.2.12)
|
||||
activesupport (3.2.12)
|
||||
i18n (~> 0.6)
|
||||
multi_json (~> 1.0)
|
||||
acts-as-taggable-on (2.3.3)
|
||||
|
|
@ -191,7 +191,7 @@ GEM
|
|||
jquery-ui-rails (3.0.1)
|
||||
jquery-rails
|
||||
railties (>= 3.1.0)
|
||||
json (1.7.5)
|
||||
json (1.7.7)
|
||||
jwt (0.1.5)
|
||||
multi_json (>= 1.0)
|
||||
kaminari (0.14.1)
|
||||
|
|
@ -211,13 +211,13 @@ GEM
|
|||
redcarpet (>= 2.0)
|
||||
messagebus_ruby_api (1.0.3)
|
||||
method_source (0.8.1)
|
||||
mime-types (1.19)
|
||||
mime-types (1.21)
|
||||
mini_magick (3.4)
|
||||
subexec (~> 0.2.1)
|
||||
mobile-fu (1.1.1)
|
||||
rack-mobile-detect
|
||||
rails
|
||||
multi_json (1.5.0)
|
||||
multi_json (1.5.1)
|
||||
multipart-post (1.1.5)
|
||||
mysql2 (0.3.11)
|
||||
nested_form (0.3.1)
|
||||
|
|
@ -258,7 +258,7 @@ GEM
|
|||
coderay (~> 1.0.5)
|
||||
method_source (~> 0.8)
|
||||
slop (~> 3.4)
|
||||
rack (1.4.4)
|
||||
rack (1.4.5)
|
||||
rack-cache (1.2)
|
||||
rack (>= 0.4)
|
||||
rack-cors (0.2.7)
|
||||
|
|
@ -277,14 +277,14 @@ GEM
|
|||
rack
|
||||
rack-test (0.6.2)
|
||||
rack (>= 1.0)
|
||||
rails (3.2.11)
|
||||
actionmailer (= 3.2.11)
|
||||
actionpack (= 3.2.11)
|
||||
activerecord (= 3.2.11)
|
||||
activeresource (= 3.2.11)
|
||||
activesupport (= 3.2.11)
|
||||
rails (3.2.12)
|
||||
actionmailer (= 3.2.12)
|
||||
actionpack (= 3.2.12)
|
||||
activerecord (= 3.2.12)
|
||||
activeresource (= 3.2.12)
|
||||
activesupport (= 3.2.12)
|
||||
bundler (~> 1.0)
|
||||
railties (= 3.2.11)
|
||||
railties (= 3.2.12)
|
||||
rails-i18n (0.7.2)
|
||||
i18n (~> 0.5)
|
||||
rails_admin (0.4.1)
|
||||
|
|
@ -303,9 +303,9 @@ GEM
|
|||
sass-rails (~> 3.1)
|
||||
rails_autolink (1.0.9)
|
||||
rails (~> 3.1)
|
||||
railties (3.2.11)
|
||||
actionpack (= 3.2.11)
|
||||
activesupport (= 3.2.11)
|
||||
railties (3.2.12)
|
||||
actionpack (= 3.2.12)
|
||||
activesupport (= 3.2.12)
|
||||
rack-ssl (~> 1.3.2)
|
||||
rake (>= 0.8.7)
|
||||
rdoc (~> 3.4)
|
||||
|
|
@ -315,7 +315,7 @@ GEM
|
|||
rb-fsevent (0.9.3)
|
||||
rb-inotify (0.9.0)
|
||||
ffi (>= 0.5.0)
|
||||
rdoc (3.12)
|
||||
rdoc (3.12.1)
|
||||
json (~> 1.4)
|
||||
redcarpet (2.2.2)
|
||||
redis (3.0.2)
|
||||
|
|
@ -443,7 +443,7 @@ DEPENDENCIES
|
|||
i18n-inflector-rails (~> 1.0)
|
||||
jasmine (= 1.3.1)
|
||||
jquery-rails (= 2.1.4)
|
||||
json (= 1.7.5)
|
||||
json (= 1.7.7)
|
||||
markerb (= 1.0.1)
|
||||
messagebus_ruby_api (= 1.0.3)
|
||||
mini_magick (= 3.4)
|
||||
|
|
@ -460,7 +460,7 @@ DEPENDENCIES
|
|||
rack-protection (= 1.2)
|
||||
rack-rewrite (= 1.3.3)
|
||||
rack-ssl (= 1.3.2)
|
||||
rails (= 3.2.11)
|
||||
rails (= 3.2.12)
|
||||
rails-i18n (= 0.7.2)
|
||||
rails_admin (= 0.4.1)
|
||||
rails_autolink (= 1.0.9)
|
||||
|
|
|
|||