CVE-2015-3226 + CVE-2015-3227 Fix Cross Site Execution in JSON keys and A possible XML Parsing DoS by updating to Rails 4.2.2
This commit is contained in:
Yuki
parent
4b891b3f70
commit
becfced2d9
2
Gemfile
2
Gemfile
|
|
@ -1,7 +1,7 @@
|
|||
source 'https://rubygems.org'
|
||||
source 'https://rails-assets.org'
|
||||
|
||||
gem 'rails', '4.2.1'
|
||||
gem 'rails', '4.2.2'
|
||||
gem 'rails-i18n'
|
||||
gem 'i18n-js'
|
||||
|
||||
|
|
|
|||
82
Gemfile.lock
82
Gemfile.lock
|
|
@ -9,43 +9,43 @@ GEM
|
|||
remote: https://rails-assets.org/
|
||||
specs:
|
||||
CFPropertyList (2.3.1)
|
||||
actionmailer (4.2.1)
|
||||
actionpack (= 4.2.1)
|
||||
actionview (= 4.2.1)
|
||||
activejob (= 4.2.1)
|
||||
actionmailer (4.2.2)
|
||||
actionpack (= 4.2.2)
|
||||
actionview (= 4.2.2)
|
||||
activejob (= 4.2.2)
|
||||
mail (~> 2.5, >= 2.5.4)
|
||||
rails-dom-testing (~> 1.0, >= 1.0.5)
|
||||
actionpack (4.2.1)
|
||||
actionview (= 4.2.1)
|
||||
activesupport (= 4.2.1)
|
||||
actionpack (4.2.2)
|
||||
actionview (= 4.2.2)
|
||||
activesupport (= 4.2.2)
|
||||
rack (~> 1.6)
|
||||
rack-test (~> 0.6.2)
|
||||
rails-dom-testing (~> 1.0, >= 1.0.5)
|
||||
rails-html-sanitizer (~> 1.0, >= 1.0.1)
|
||||
actionview (4.2.1)
|
||||
activesupport (= 4.2.1)
|
||||
actionview (4.2.2)
|
||||
activesupport (= 4.2.2)
|
||||
builder (~> 3.1)
|
||||
erubis (~> 2.7.0)
|
||||
rails-dom-testing (~> 1.0, >= 1.0.5)
|
||||
rails-html-sanitizer (~> 1.0, >= 1.0.1)
|
||||
activejob (4.2.1)
|
||||
activesupport (= 4.2.1)
|
||||
activejob (4.2.2)
|
||||
activesupport (= 4.2.2)
|
||||
globalid (>= 0.3.0)
|
||||
activemodel (4.2.1)
|
||||
activesupport (= 4.2.1)
|
||||
activemodel (4.2.2)
|
||||
activesupport (= 4.2.2)
|
||||
builder (~> 3.1)
|
||||
activerecord (4.2.1)
|
||||
activemodel (= 4.2.1)
|
||||
activesupport (= 4.2.1)
|
||||
activerecord (4.2.2)
|
||||
activemodel (= 4.2.2)
|
||||
activesupport (= 4.2.2)
|
||||
arel (~> 6.0)
|
||||
activesupport (4.2.1)
|
||||
activesupport (4.2.2)
|
||||
i18n (~> 0.7)
|
||||
json (~> 1.7, >= 1.7.7)
|
||||
minitest (~> 5.1)
|
||||
thread_safe (~> 0.3, >= 0.3.4)
|
||||
tzinfo (~> 1.1)
|
||||
addressable (2.3.8)
|
||||
arel (6.0.0)
|
||||
arel (6.0.3)
|
||||
bcrypt (3.1.10)
|
||||
better_errors (2.1.1)
|
||||
coderay (>= 1.0.0)
|
||||
|
|
@ -213,7 +213,7 @@ GEM
|
|||
foreman (0.78.0)
|
||||
thor (~> 0.19.1)
|
||||
formatador (0.2.5)
|
||||
globalid (0.3.5)
|
||||
globalid (0.3.6)
|
||||
activesupport (>= 4.1.0)
|
||||
haml (4.0.6)
|
||||
tilt
|
||||
|
|
@ -243,7 +243,7 @@ GEM
|
|||
turbolinks
|
||||
jquery-ui-rails (5.0.3)
|
||||
railties (>= 3.2.16)
|
||||
json (1.8.2)
|
||||
json (1.8.3)
|
||||
kaminari (0.16.3)
|
||||
actionpack (>= 3.0.0)
|
||||
activesupport (>= 3.0.0)
|
||||
|
|
@ -252,18 +252,18 @@ GEM
|
|||
addressable (~> 2.3)
|
||||
letter_opener (1.4.1)
|
||||
launchy (~> 2.2)
|
||||
loofah (2.0.1)
|
||||
loofah (2.0.3)
|
||||
nokogiri (>= 1.5.9)
|
||||
mail (2.6.3)
|
||||
mime-types (>= 1.16, < 3)
|
||||
memoizable (0.4.2)
|
||||
thread_safe (~> 0.3, >= 0.3.1)
|
||||
mime-types (2.4.3)
|
||||
mime-types (2.6.1)
|
||||
mini_portile (0.6.2)
|
||||
minitest (5.6.0)
|
||||
minitest (5.8.0)
|
||||
momentjs-rails (2.9.0)
|
||||
railties (>= 3.1)
|
||||
multi_json (1.11.0)
|
||||
multi_json (1.11.2)
|
||||
multipart-post (2.0.0)
|
||||
mysql2 (0.3.18)
|
||||
naught (1.0.0)
|
||||
|
|
@ -302,7 +302,7 @@ GEM
|
|||
cliver (~> 0.3.1)
|
||||
multi_json (~> 1.0)
|
||||
websocket-driver (>= 0.2.0)
|
||||
rack (1.6.0)
|
||||
rack (1.6.4)
|
||||
rack-pjax (0.8.0)
|
||||
nokogiri (~> 1.5)
|
||||
rack (~> 1.1)
|
||||
|
|
@ -310,23 +310,23 @@ GEM
|
|||
rack
|
||||
rack-test (0.6.3)
|
||||
rack (>= 1.0)
|
||||
rails (4.2.1)
|
||||
actionmailer (= 4.2.1)
|
||||
actionpack (= 4.2.1)
|
||||
actionview (= 4.2.1)
|
||||
activejob (= 4.2.1)
|
||||
activemodel (= 4.2.1)
|
||||
activerecord (= 4.2.1)
|
||||
activesupport (= 4.2.1)
|
||||
rails (4.2.2)
|
||||
actionmailer (= 4.2.2)
|
||||
actionpack (= 4.2.2)
|
||||
actionview (= 4.2.2)
|
||||
activejob (= 4.2.2)
|
||||
activemodel (= 4.2.2)
|
||||
activerecord (= 4.2.2)
|
||||
activesupport (= 4.2.2)
|
||||
bundler (>= 1.3.0, < 2.0)
|
||||
railties (= 4.2.1)
|
||||
railties (= 4.2.2)
|
||||
sprockets-rails
|
||||
rails-assets-growl (1.2.5)
|
||||
rails-assets-jquery
|
||||
rails-assets-jquery (2.1.3)
|
||||
rails-deprecated_sanitizer (1.0.3)
|
||||
activesupport (>= 4.2.0.alpha)
|
||||
rails-dom-testing (1.0.6)
|
||||
rails-dom-testing (1.0.7)
|
||||
activesupport (>= 4.2.0.beta, < 5.0)
|
||||
nokogiri (~> 1.6.0)
|
||||
rails-deprecated_sanitizer (>= 1.0.1)
|
||||
|
|
@ -349,9 +349,9 @@ GEM
|
|||
remotipart (~> 1.0)
|
||||
safe_yaml (~> 1.0)
|
||||
sass-rails (>= 4.0, < 6)
|
||||
railties (4.2.1)
|
||||
actionpack (= 4.2.1)
|
||||
activesupport (= 4.2.1)
|
||||
railties (4.2.2)
|
||||
actionpack (= 4.2.2)
|
||||
activesupport (= 4.2.2)
|
||||
rake (>= 0.8.7)
|
||||
thor (>= 0.18.1, < 2.0)
|
||||
raindrops (0.13.0)
|
||||
|
|
@ -420,12 +420,12 @@ GEM
|
|||
rack-protection (~> 1.4)
|
||||
tilt (>= 1.3, < 3)
|
||||
spring (1.3.5)
|
||||
sprockets (2.12.3)
|
||||
sprockets (2.12.4)
|
||||
hike (~> 1.2)
|
||||
multi_json (~> 1.0)
|
||||
rack (~> 1.0)
|
||||
tilt (~> 1.1, != 1.3.0)
|
||||
sprockets-rails (2.2.4)
|
||||
sprockets-rails (2.3.2)
|
||||
actionpack (>= 3.0)
|
||||
activesupport (>= 3.0)
|
||||
sprockets (>= 2.8, < 4.0)
|
||||
|
|
@ -533,7 +533,7 @@ DEPENDENCIES
|
|||
pghero
|
||||
poltergeist
|
||||
questiongenerator!
|
||||
rails (= 4.2.1)
|
||||
rails (= 4.2.2)
|
||||
rails-assets-growl
|
||||
rails-i18n
|
||||
rails_admin
|
||||
|
|
|
|||
Loading…
Reference in New Issue