CVE-2015-3226 + CVE-2015-3227 Fix Cross Site Execution in JSON keys and A possible XML Parsing DoS by updating to Rails 4.2.2
parent
4b891b3f70
commit
becfced2d9
2
Gemfile
2
Gemfile
|
@ -1,7 +1,7 @@
|
||||||
source 'https://rubygems.org'
|
source 'https://rubygems.org'
|
||||||
source 'https://rails-assets.org'
|
source 'https://rails-assets.org'
|
||||||
|
|
||||||
gem 'rails', '4.2.1'
|
gem 'rails', '4.2.2'
|
||||||
gem 'rails-i18n'
|
gem 'rails-i18n'
|
||||||
gem 'i18n-js'
|
gem 'i18n-js'
|
||||||
|
|
||||||
|
|
82
Gemfile.lock
82
Gemfile.lock
|
@ -9,43 +9,43 @@ GEM
|
||||||
remote: https://rails-assets.org/
|
remote: https://rails-assets.org/
|
||||||
specs:
|
specs:
|
||||||
CFPropertyList (2.3.1)
|
CFPropertyList (2.3.1)
|
||||||
actionmailer (4.2.1)
|
actionmailer (4.2.2)
|
||||||
actionpack (= 4.2.1)
|
actionpack (= 4.2.2)
|
||||||
actionview (= 4.2.1)
|
actionview (= 4.2.2)
|
||||||
activejob (= 4.2.1)
|
activejob (= 4.2.2)
|
||||||
mail (~> 2.5, >= 2.5.4)
|
mail (~> 2.5, >= 2.5.4)
|
||||||
rails-dom-testing (~> 1.0, >= 1.0.5)
|
rails-dom-testing (~> 1.0, >= 1.0.5)
|
||||||
actionpack (4.2.1)
|
actionpack (4.2.2)
|
||||||
actionview (= 4.2.1)
|
actionview (= 4.2.2)
|
||||||
activesupport (= 4.2.1)
|
activesupport (= 4.2.2)
|
||||||
rack (~> 1.6)
|
rack (~> 1.6)
|
||||||
rack-test (~> 0.6.2)
|
rack-test (~> 0.6.2)
|
||||||
rails-dom-testing (~> 1.0, >= 1.0.5)
|
rails-dom-testing (~> 1.0, >= 1.0.5)
|
||||||
rails-html-sanitizer (~> 1.0, >= 1.0.1)
|
rails-html-sanitizer (~> 1.0, >= 1.0.1)
|
||||||
actionview (4.2.1)
|
actionview (4.2.2)
|
||||||
activesupport (= 4.2.1)
|
activesupport (= 4.2.2)
|
||||||
builder (~> 3.1)
|
builder (~> 3.1)
|
||||||
erubis (~> 2.7.0)
|
erubis (~> 2.7.0)
|
||||||
rails-dom-testing (~> 1.0, >= 1.0.5)
|
rails-dom-testing (~> 1.0, >= 1.0.5)
|
||||||
rails-html-sanitizer (~> 1.0, >= 1.0.1)
|
rails-html-sanitizer (~> 1.0, >= 1.0.1)
|
||||||
activejob (4.2.1)
|
activejob (4.2.2)
|
||||||
activesupport (= 4.2.1)
|
activesupport (= 4.2.2)
|
||||||
globalid (>= 0.3.0)
|
globalid (>= 0.3.0)
|
||||||
activemodel (4.2.1)
|
activemodel (4.2.2)
|
||||||
activesupport (= 4.2.1)
|
activesupport (= 4.2.2)
|
||||||
builder (~> 3.1)
|
builder (~> 3.1)
|
||||||
activerecord (4.2.1)
|
activerecord (4.2.2)
|
||||||
activemodel (= 4.2.1)
|
activemodel (= 4.2.2)
|
||||||
activesupport (= 4.2.1)
|
activesupport (= 4.2.2)
|
||||||
arel (~> 6.0)
|
arel (~> 6.0)
|
||||||
activesupport (4.2.1)
|
activesupport (4.2.2)
|
||||||
i18n (~> 0.7)
|
i18n (~> 0.7)
|
||||||
json (~> 1.7, >= 1.7.7)
|
json (~> 1.7, >= 1.7.7)
|
||||||
minitest (~> 5.1)
|
minitest (~> 5.1)
|
||||||
thread_safe (~> 0.3, >= 0.3.4)
|
thread_safe (~> 0.3, >= 0.3.4)
|
||||||
tzinfo (~> 1.1)
|
tzinfo (~> 1.1)
|
||||||
addressable (2.3.8)
|
addressable (2.3.8)
|
||||||
arel (6.0.0)
|
arel (6.0.3)
|
||||||
bcrypt (3.1.10)
|
bcrypt (3.1.10)
|
||||||
better_errors (2.1.1)
|
better_errors (2.1.1)
|
||||||
coderay (>= 1.0.0)
|
coderay (>= 1.0.0)
|
||||||
|
@ -213,7 +213,7 @@ GEM
|
||||||
foreman (0.78.0)
|
foreman (0.78.0)
|
||||||
thor (~> 0.19.1)
|
thor (~> 0.19.1)
|
||||||
formatador (0.2.5)
|
formatador (0.2.5)
|
||||||
globalid (0.3.5)
|
globalid (0.3.6)
|
||||||
activesupport (>= 4.1.0)
|
activesupport (>= 4.1.0)
|
||||||
haml (4.0.6)
|
haml (4.0.6)
|
||||||
tilt
|
tilt
|
||||||
|
@ -243,7 +243,7 @@ GEM
|
||||||
turbolinks
|
turbolinks
|
||||||
jquery-ui-rails (5.0.3)
|
jquery-ui-rails (5.0.3)
|
||||||
railties (>= 3.2.16)
|
railties (>= 3.2.16)
|
||||||
json (1.8.2)
|
json (1.8.3)
|
||||||
kaminari (0.16.3)
|
kaminari (0.16.3)
|
||||||
actionpack (>= 3.0.0)
|
actionpack (>= 3.0.0)
|
||||||
activesupport (>= 3.0.0)
|
activesupport (>= 3.0.0)
|
||||||
|
@ -252,18 +252,18 @@ GEM
|
||||||
addressable (~> 2.3)
|
addressable (~> 2.3)
|
||||||
letter_opener (1.4.1)
|
letter_opener (1.4.1)
|
||||||
launchy (~> 2.2)
|
launchy (~> 2.2)
|
||||||
loofah (2.0.1)
|
loofah (2.0.3)
|
||||||
nokogiri (>= 1.5.9)
|
nokogiri (>= 1.5.9)
|
||||||
mail (2.6.3)
|
mail (2.6.3)
|
||||||
mime-types (>= 1.16, < 3)
|
mime-types (>= 1.16, < 3)
|
||||||
memoizable (0.4.2)
|
memoizable (0.4.2)
|
||||||
thread_safe (~> 0.3, >= 0.3.1)
|
thread_safe (~> 0.3, >= 0.3.1)
|
||||||
mime-types (2.4.3)
|
mime-types (2.6.1)
|
||||||
mini_portile (0.6.2)
|
mini_portile (0.6.2)
|
||||||
minitest (5.6.0)
|
minitest (5.8.0)
|
||||||
momentjs-rails (2.9.0)
|
momentjs-rails (2.9.0)
|
||||||
railties (>= 3.1)
|
railties (>= 3.1)
|
||||||
multi_json (1.11.0)
|
multi_json (1.11.2)
|
||||||
multipart-post (2.0.0)
|
multipart-post (2.0.0)
|
||||||
mysql2 (0.3.18)
|
mysql2 (0.3.18)
|
||||||
naught (1.0.0)
|
naught (1.0.0)
|
||||||
|
@ -302,7 +302,7 @@ GEM
|
||||||
cliver (~> 0.3.1)
|
cliver (~> 0.3.1)
|
||||||
multi_json (~> 1.0)
|
multi_json (~> 1.0)
|
||||||
websocket-driver (>= 0.2.0)
|
websocket-driver (>= 0.2.0)
|
||||||
rack (1.6.0)
|
rack (1.6.4)
|
||||||
rack-pjax (0.8.0)
|
rack-pjax (0.8.0)
|
||||||
nokogiri (~> 1.5)
|
nokogiri (~> 1.5)
|
||||||
rack (~> 1.1)
|
rack (~> 1.1)
|
||||||
|
@ -310,23 +310,23 @@ GEM
|
||||||
rack
|
rack
|
||||||
rack-test (0.6.3)
|
rack-test (0.6.3)
|
||||||
rack (>= 1.0)
|
rack (>= 1.0)
|
||||||
rails (4.2.1)
|
rails (4.2.2)
|
||||||
actionmailer (= 4.2.1)
|
actionmailer (= 4.2.2)
|
||||||
actionpack (= 4.2.1)
|
actionpack (= 4.2.2)
|
||||||
actionview (= 4.2.1)
|
actionview (= 4.2.2)
|
||||||
activejob (= 4.2.1)
|
activejob (= 4.2.2)
|
||||||
activemodel (= 4.2.1)
|
activemodel (= 4.2.2)
|
||||||
activerecord (= 4.2.1)
|
activerecord (= 4.2.2)
|
||||||
activesupport (= 4.2.1)
|
activesupport (= 4.2.2)
|
||||||
bundler (>= 1.3.0, < 2.0)
|
bundler (>= 1.3.0, < 2.0)
|
||||||
railties (= 4.2.1)
|
railties (= 4.2.2)
|
||||||
sprockets-rails
|
sprockets-rails
|
||||||
rails-assets-growl (1.2.5)
|
rails-assets-growl (1.2.5)
|
||||||
rails-assets-jquery
|
rails-assets-jquery
|
||||||
rails-assets-jquery (2.1.3)
|
rails-assets-jquery (2.1.3)
|
||||||
rails-deprecated_sanitizer (1.0.3)
|
rails-deprecated_sanitizer (1.0.3)
|
||||||
activesupport (>= 4.2.0.alpha)
|
activesupport (>= 4.2.0.alpha)
|
||||||
rails-dom-testing (1.0.6)
|
rails-dom-testing (1.0.7)
|
||||||
activesupport (>= 4.2.0.beta, < 5.0)
|
activesupport (>= 4.2.0.beta, < 5.0)
|
||||||
nokogiri (~> 1.6.0)
|
nokogiri (~> 1.6.0)
|
||||||
rails-deprecated_sanitizer (>= 1.0.1)
|
rails-deprecated_sanitizer (>= 1.0.1)
|
||||||
|
@ -349,9 +349,9 @@ GEM
|
||||||
remotipart (~> 1.0)
|
remotipart (~> 1.0)
|
||||||
safe_yaml (~> 1.0)
|
safe_yaml (~> 1.0)
|
||||||
sass-rails (>= 4.0, < 6)
|
sass-rails (>= 4.0, < 6)
|
||||||
railties (4.2.1)
|
railties (4.2.2)
|
||||||
actionpack (= 4.2.1)
|
actionpack (= 4.2.2)
|
||||||
activesupport (= 4.2.1)
|
activesupport (= 4.2.2)
|
||||||
rake (>= 0.8.7)
|
rake (>= 0.8.7)
|
||||||
thor (>= 0.18.1, < 2.0)
|
thor (>= 0.18.1, < 2.0)
|
||||||
raindrops (0.13.0)
|
raindrops (0.13.0)
|
||||||
|
@ -420,12 +420,12 @@ GEM
|
||||||
rack-protection (~> 1.4)
|
rack-protection (~> 1.4)
|
||||||
tilt (>= 1.3, < 3)
|
tilt (>= 1.3, < 3)
|
||||||
spring (1.3.5)
|
spring (1.3.5)
|
||||||
sprockets (2.12.3)
|
sprockets (2.12.4)
|
||||||
hike (~> 1.2)
|
hike (~> 1.2)
|
||||||
multi_json (~> 1.0)
|
multi_json (~> 1.0)
|
||||||
rack (~> 1.0)
|
rack (~> 1.0)
|
||||||
tilt (~> 1.1, != 1.3.0)
|
tilt (~> 1.1, != 1.3.0)
|
||||||
sprockets-rails (2.2.4)
|
sprockets-rails (2.3.2)
|
||||||
actionpack (>= 3.0)
|
actionpack (>= 3.0)
|
||||||
activesupport (>= 3.0)
|
activesupport (>= 3.0)
|
||||||
sprockets (>= 2.8, < 4.0)
|
sprockets (>= 2.8, < 4.0)
|
||||||
|
@ -533,7 +533,7 @@ DEPENDENCIES
|
||||||
pghero
|
pghero
|
||||||
poltergeist
|
poltergeist
|
||||||
questiongenerator!
|
questiongenerator!
|
||||||
rails (= 4.2.1)
|
rails (= 4.2.2)
|
||||||
rails-assets-growl
|
rails-assets-growl
|
||||||
rails-i18n
|
rails-i18n
|
||||||
rails_admin
|
rails_admin
|
||||||
|
|