Merge branch 'hotfix/0.5.6.2'
commit
c37154e6b3
4 changed files with 45 additions and 34 deletions
11
Changelog.md
11
Changelog.md
|
|
@ -1,3 +1,14 @@
|
||||||
|
# 0.5.6.2
|
||||||
|
|
||||||
|
* Fix [CVE-2016-0751](https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc) - Possible Object Leak and Denial of Service attack in Action Pack
|
||||||
|
* Fix [CVE-2015-7581](https://groups.google.com/forum/#!topic/rubyonrails-security/dthJ5wL69JE) - Object leak vulnerability for wildcard controller routes in Action Pack
|
||||||
|
* Fix [CVE-2015-7576](https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k) - Timing attack vulnerability in basic authentication in Action Controller
|
||||||
|
* Fix [CVE-2016-0752](https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00) - Possible Information Leak Vulnerability in Action View
|
||||||
|
* Fix [CVE-2016-0753](https://groups.google.com/forum/#!topic/rubyonrails-security/6jQVC1geukQ) - Possible Input Validation Circumvention in Active Model
|
||||||
|
* Fix [CVE-2015-7577](https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g) - Nested attributes rejection proc bypass in Active Record
|
||||||
|
* Fix [CVE-2015-7579](https://groups.google.com/forum/#!topic/rubyonrails-security/OU9ugTZcbjc) - XSS vulnerability in rails-html-sanitizer
|
||||||
|
* Fix [CVE-2015-7578](https://groups.google.com/forum/#!topic/rubyonrails-security/uh--W4TDwmI) - Possible XSS vulnerability in rails-html-sanitizer
|
||||||
|
|
||||||
# 0.5.6.1
|
# 0.5.6.1
|
||||||
|
|
||||||
* Fix Nokogiri CVE-2015-7499
|
* Fix Nokogiri CVE-2015-7499
|
||||||
|
|
|
||||||
2
Gemfile
2
Gemfile
|
|
@ -1,6 +1,6 @@
|
||||||
source "https://rubygems.org"
|
source "https://rubygems.org"
|
||||||
|
|
||||||
gem "rails", "4.2.5"
|
gem "rails", "4.2.5.1"
|
||||||
|
|
||||||
# Legacy Rails features, remove me!
|
# Legacy Rails features, remove me!
|
||||||
# responders (class level)
|
# responders (class level)
|
||||||
|
|
|
||||||
64
Gemfile.lock
64
Gemfile.lock
|
|
@ -3,40 +3,40 @@ GEM
|
||||||
remote: https://rails-assets.org/
|
remote: https://rails-assets.org/
|
||||||
specs:
|
specs:
|
||||||
CFPropertyList (2.3.2)
|
CFPropertyList (2.3.2)
|
||||||
actionmailer (4.2.5)
|
actionmailer (4.2.5.1)
|
||||||
actionpack (= 4.2.5)
|
actionpack (= 4.2.5.1)
|
||||||
actionview (= 4.2.5)
|
actionview (= 4.2.5.1)
|
||||||
activejob (= 4.2.5)
|
activejob (= 4.2.5.1)
|
||||||
mail (~> 2.5, >= 2.5.4)
|
mail (~> 2.5, >= 2.5.4)
|
||||||
rails-dom-testing (~> 1.0, >= 1.0.5)
|
rails-dom-testing (~> 1.0, >= 1.0.5)
|
||||||
actionpack (4.2.5)
|
actionpack (4.2.5.1)
|
||||||
actionview (= 4.2.5)
|
actionview (= 4.2.5.1)
|
||||||
activesupport (= 4.2.5)
|
activesupport (= 4.2.5.1)
|
||||||
rack (~> 1.6)
|
rack (~> 1.6)
|
||||||
rack-test (~> 0.6.2)
|
rack-test (~> 0.6.2)
|
||||||
rails-dom-testing (~> 1.0, >= 1.0.5)
|
rails-dom-testing (~> 1.0, >= 1.0.5)
|
||||||
rails-html-sanitizer (~> 1.0, >= 1.0.2)
|
rails-html-sanitizer (~> 1.0, >= 1.0.2)
|
||||||
actionview (4.2.5)
|
actionview (4.2.5.1)
|
||||||
activesupport (= 4.2.5)
|
activesupport (= 4.2.5.1)
|
||||||
builder (~> 3.1)
|
builder (~> 3.1)
|
||||||
erubis (~> 2.7.0)
|
erubis (~> 2.7.0)
|
||||||
rails-dom-testing (~> 1.0, >= 1.0.5)
|
rails-dom-testing (~> 1.0, >= 1.0.5)
|
||||||
rails-html-sanitizer (~> 1.0, >= 1.0.2)
|
rails-html-sanitizer (~> 1.0, >= 1.0.2)
|
||||||
active_model_serializers (0.9.3)
|
active_model_serializers (0.9.3)
|
||||||
activemodel (>= 3.2)
|
activemodel (>= 3.2)
|
||||||
activejob (4.2.5)
|
activejob (4.2.5.1)
|
||||||
activesupport (= 4.2.5)
|
activesupport (= 4.2.5.1)
|
||||||
globalid (>= 0.3.0)
|
globalid (>= 0.3.0)
|
||||||
activemodel (4.2.5)
|
activemodel (4.2.5.1)
|
||||||
activesupport (= 4.2.5)
|
activesupport (= 4.2.5.1)
|
||||||
builder (~> 3.1)
|
builder (~> 3.1)
|
||||||
activerecord (4.2.5)
|
activerecord (4.2.5.1)
|
||||||
activemodel (= 4.2.5)
|
activemodel (= 4.2.5.1)
|
||||||
activesupport (= 4.2.5)
|
activesupport (= 4.2.5.1)
|
||||||
arel (~> 6.0)
|
arel (~> 6.0)
|
||||||
activerecord-import (0.10.0)
|
activerecord-import (0.10.0)
|
||||||
activerecord (>= 3.0)
|
activerecord (>= 3.0)
|
||||||
activesupport (4.2.5)
|
activesupport (4.2.5.1)
|
||||||
i18n (~> 0.7)
|
i18n (~> 0.7)
|
||||||
json (~> 1.7, >= 1.7.7)
|
json (~> 1.7, >= 1.7.7)
|
||||||
minitest (~> 5.1)
|
minitest (~> 5.1)
|
||||||
|
|
@ -445,7 +445,7 @@ GEM
|
||||||
mime-types (2.99)
|
mime-types (2.99)
|
||||||
mini_magick (4.3.6)
|
mini_magick (4.3.6)
|
||||||
mini_portile2 (2.0.0)
|
mini_portile2 (2.0.0)
|
||||||
minitest (5.8.3)
|
minitest (5.8.4)
|
||||||
mobile-fu (1.3.1)
|
mobile-fu (1.3.1)
|
||||||
rack-mobile-detect
|
rack-mobile-detect
|
||||||
rails
|
rails
|
||||||
|
|
@ -526,16 +526,16 @@ GEM
|
||||||
rack
|
rack
|
||||||
rack-test (0.6.3)
|
rack-test (0.6.3)
|
||||||
rack (>= 1.0)
|
rack (>= 1.0)
|
||||||
rails (4.2.5)
|
rails (4.2.5.1)
|
||||||
actionmailer (= 4.2.5)
|
actionmailer (= 4.2.5.1)
|
||||||
actionpack (= 4.2.5)
|
actionpack (= 4.2.5.1)
|
||||||
actionview (= 4.2.5)
|
actionview (= 4.2.5.1)
|
||||||
activejob (= 4.2.5)
|
activejob (= 4.2.5.1)
|
||||||
activemodel (= 4.2.5)
|
activemodel (= 4.2.5.1)
|
||||||
activerecord (= 4.2.5)
|
activerecord (= 4.2.5.1)
|
||||||
activesupport (= 4.2.5)
|
activesupport (= 4.2.5.1)
|
||||||
bundler (>= 1.3.0, < 2.0)
|
bundler (>= 1.3.0, < 2.0)
|
||||||
railties (= 4.2.5)
|
railties (= 4.2.5.1)
|
||||||
sprockets-rails
|
sprockets-rails
|
||||||
rails-assets-diaspora_jsxc (0.1.4)
|
rails-assets-diaspora_jsxc (0.1.4)
|
||||||
rails-assets-favico.js (~> 0.3.9)
|
rails-assets-favico.js (~> 0.3.9)
|
||||||
|
|
@ -578,7 +578,7 @@ GEM
|
||||||
activesupport (>= 4.2.0.beta, < 5.0)
|
activesupport (>= 4.2.0.beta, < 5.0)
|
||||||
nokogiri (~> 1.6.0)
|
nokogiri (~> 1.6.0)
|
||||||
rails-deprecated_sanitizer (>= 1.0.1)
|
rails-deprecated_sanitizer (>= 1.0.1)
|
||||||
rails-html-sanitizer (1.0.2)
|
rails-html-sanitizer (1.0.3)
|
||||||
loofah (~> 2.0)
|
loofah (~> 2.0)
|
||||||
rails-i18n (4.0.8)
|
rails-i18n (4.0.8)
|
||||||
i18n (~> 0.7)
|
i18n (~> 0.7)
|
||||||
|
|
@ -600,9 +600,9 @@ GEM
|
||||||
remotipart (~> 1.0)
|
remotipart (~> 1.0)
|
||||||
safe_yaml (~> 1.0)
|
safe_yaml (~> 1.0)
|
||||||
sass-rails (>= 4.0, < 6)
|
sass-rails (>= 4.0, < 6)
|
||||||
railties (4.2.5)
|
railties (4.2.5.1)
|
||||||
actionpack (= 4.2.5)
|
actionpack (= 4.2.5.1)
|
||||||
activesupport (= 4.2.5)
|
activesupport (= 4.2.5.1)
|
||||||
rake (>= 0.8.7)
|
rake (>= 0.8.7)
|
||||||
thor (>= 0.18.1, < 2.0)
|
thor (>= 0.18.1, < 2.0)
|
||||||
rainbow (2.0.0)
|
rainbow (2.0.0)
|
||||||
|
|
@ -847,7 +847,7 @@ DEPENDENCIES
|
||||||
rack-protection (= 1.5.3)
|
rack-protection (= 1.5.3)
|
||||||
rack-rewrite (= 1.5.1)
|
rack-rewrite (= 1.5.1)
|
||||||
rack-ssl (= 1.4.1)
|
rack-ssl (= 1.4.1)
|
||||||
rails (= 4.2.5)
|
rails (= 4.2.5.1)
|
||||||
rails-assets-diaspora_jsxc (~> 0.1.4)!
|
rails-assets-diaspora_jsxc (~> 0.1.4)!
|
||||||
rails-assets-highlightjs (= 9.0.0)!
|
rails-assets-highlightjs (= 9.0.0)!
|
||||||
rails-assets-jakobmattsson--jquery-elastic (= 1.6.11)!
|
rails-assets-jakobmattsson--jquery-elastic (= 1.6.11)!
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,7 @@
|
||||||
|
|
||||||
defaults:
|
defaults:
|
||||||
version:
|
version:
|
||||||
number: "0.5.6.1" # Do not touch unless doing a release, do not backport the version number that's in master
|
number: "0.5.6.2" # Do not touch unless doing a release, do not backport the version number that's in master
|
||||||
heroku: false
|
heroku: false
|
||||||
environment:
|
environment:
|
||||||
url: "http://localhost:3000/"
|
url: "http://localhost:3000/"
|
||||||
|
|
|
||||||