Security: Upgrade Rails to 5.2.2.1 (#504)
This fixes several vulnerabilities:

- CVE-2019-5418 File Content Disclosure in Action View
- CVE-2019-5419 Denial of Service Vulnerability in Action View
- CVE-2019-5420 Possible Remote Code Execution Exploit in Rails Development Mode

For more info, see the release notes: https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
Mr0grog authored Mar 13, 2019
1 parent 1b43d71 commit 2b622c7
Showing 2 changed files with 53 additions and 52 deletions.
2 changes: 1 addition & 1 deletion Gemfile
@@ -11,7 +11,7 @@ gem 'aws-sdk-s3', '~> 1.30'
gem 'devise'
gem 'httparty'
gem 'jwt', '~> 2.1'
gem 'rails', '~> 5.2.2'
gem 'rails', '~> 5.2.2.1'
gem 'pg', '~> 1.1'
gem 'puma', '~> 3.12'
gem 'rack-cors', :require => 'rack/cors'
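Review bot: the new constraint `gem 'rails', '~> 5.2.2.1'` is tighter than the old `'~> 5.2.2'` in a way that is probably unintended: `~> 5.2.2.1` permits only 5.2.2.x (>= 5.2.2.1, < 5.2.3), so a future `bundle update rails` would not pick up 5.2.3 or later 5.2 patch releases that carry further security fixes, whereas the old constraint allowed anything below 5.3. If the goal is "at least the patched release, any later 5.2.x", the usual form is `gem 'rails', '~> 5.2.2', '>= 5.2.2.1'`. If pinning to exactly the 5.2.2 line is deliberate, a short comment next to the line saying why would save the next maintainer from "fixing" it.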
103 changes: 52 additions & 51 deletions Gemfile.lock
@@ -1,43 +1,43 @@
GEM
remote: https://rubygems.org/
specs:
actioncable (5.2.2)
actionpack (= 5.2.2)
actioncable (5.2.2.1)
actionpack (= 5.2.2.1)
nio4r (~> 2.0)
websocket-driver (>= 0.6.1)
actionmailer (5.2.2)
actionpack (= 5.2.2)
actionview (= 5.2.2)
activejob (= 5.2.2)
actionmailer (5.2.2.1)
actionpack (= 5.2.2.1)
actionview (= 5.2.2.1)
activejob (= 5.2.2.1)
mail (~> 2.5, >= 2.5.4)
rails-dom-testing (~> 2.0)
actionpack (5.2.2)
actionview (= 5.2.2)
activesupport (= 5.2.2)
actionpack (5.2.2.1)
actionview (= 5.2.2.1)
activesupport (= 5.2.2.1)
rack (~> 2.0)
rack-test (>= 0.6.3)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.0.2)
actionview (5.2.2)
activesupport (= 5.2.2)
actionview (5.2.2.1)
activesupport (= 5.2.2.1)
builder (~> 3.1)
erubi (~> 1.4)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.0.3)
activejob (5.2.2)
activesupport (= 5.2.2)
activejob (5.2.2.1)
activesupport (= 5.2.2.1)
globalid (>= 0.3.6)
activemodel (5.2.2)
activesupport (= 5.2.2)
activerecord (5.2.2)
activemodel (= 5.2.2)
activesupport (= 5.2.2)
activemodel (5.2.2.1)
activesupport (= 5.2.2.1)
activerecord (5.2.2.1)
activemodel (= 5.2.2.1)
activesupport (= 5.2.2.1)
arel (>= 9.0)
activestorage (5.2.2)
actionpack (= 5.2.2)
activerecord (= 5.2.2)
activestorage (5.2.2.1)
actionpack (= 5.2.2.1)
activerecord (= 5.2.2.1)
marcel (~> 0.3.1)
activesupport (5.2.2)
activesupport (5.2.2.1)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 0.7, < 2)
minitest (~> 5.1)
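Review bot: the component pins in this hunk are consistent: actioncable, actionmailer, actionpack, actionview, activejob, activemodel, activerecord, activestorage and activesupport all move from 5.2.2 to 5.2.2.1 together, and each `(= 5.2.2.1)` dependency line matches the spec it refers to, so there is no mixed-version Rails install here. The actionview 5.2.2.1 spec also tightens its rails-html-sanitizer requirement from `>= 1.0.2` to `>= 1.0.3`; worth checking that the locked rails-html-sanitizer further down in this lock file satisfies it (it does, at 1.0.4), since an unsatisfied sub-dependency would fail at `bundle install` rather than here.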
@@ -46,29 +46,30 @@ GEM
public_suffix (>= 2.0.2, < 4.0)
arel (9.0.0)
ast (2.4.0)
aws-eventstream (1.0.1)
aws-partitions (1.136.0)
aws-sdk-core (3.46.0)
aws-eventstream (1.0.2)
aws-partitions (1.144.0)
aws-sdk-core (3.46.2)
aws-eventstream (~> 1.0)
aws-partitions (~> 1.0)
aws-sigv4 (~> 1.0)
jmespath (~> 1.0)
aws-sdk-kms (1.13.0)
aws-sdk-core (~> 3, >= 3.39.0)
aws-sigv4 (~> 1.0)
aws-sdk-s3 (1.30.1)
aws-sdk-s3 (1.31.0)
aws-sdk-core (~> 3, >= 3.39.0)
aws-sdk-kms (~> 1)
aws-sigv4 (~> 1.0)
aws-sigv4 (1.0.3)
aws-sigv4 (1.1.0)
aws-eventstream (~> 1.0, >= 1.0.2)
bcrypt (3.1.12)
bindex (0.5.0)
bootsnap (1.4.1)
msgpack (~> 1.0)
builder (3.2.3)
byebug (11.0.0)
coderay (1.1.2)
concurrent-ruby (1.1.4)
concurrent-ruby (1.1.5)
connection_pool (2.2.2)
crack (0.4.3)
safe_yaml (~> 1.0.0)
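Review bot: this hunk (and the ffi, i18n, json, msgpack, rb-inotify, safe_yaml and sass bumps in the hunks that follow) pulls in dependency updates unrelated to the Rails security fix the commit message describes: aws-eventstream 1.0.1 -> 1.0.2, aws-partitions 1.136.0 -> 1.144.0, aws-sdk-core 3.46.0 -> 3.46.2, aws-sdk-s3 1.30.1 -> 1.31.0, aws-sigv4 1.0.3 -> 1.1.0 and concurrent-ruby 1.1.4 -> 1.1.5. That is the expected side effect of a plain `bundle update rails`, but it widens the blast radius of what is nominally a one-gem security bump and makes it harder to bisect if something regresses. Two options: regenerate the lock with `bundle update --conservative rails` so only Rails and its own components change, or keep the extra bumps but list them in the commit message so reviewers know they were intended. Note the one knock-on that is required: aws-sigv4 1.1.0 now declares `aws-eventstream (~> 1.0, >= 1.0.2)`, which is why aws-eventstream had to move to 1.0.2 once aws-sigv4 was bumped.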
@@ -89,7 +90,7 @@ GEM
execjs (2.7.0)
faraday (0.15.4)
multipart-post (>= 1.2, < 3)
ffi (1.9.25)
ffi (1.10.0)
globalid (0.4.2)
activesupport (>= 4.2.0)
google-api-client (0.28.4)
@@ -113,11 +114,11 @@ GEM
mime-types (~> 3.0)
multi_xml (>= 0.5.2)
httpclient (2.8.3)
i18n (1.5.3)
i18n (1.6.0)
concurrent-ruby (~> 1.0)
jaro_winkler (1.5.2)
jmespath (1.4.0)
json (2.1.0)
json (2.2.0)
jwt (2.1.0)
listen (3.1.5)
rb-fsevent (~> 0.9, >= 0.9.4)
@@ -140,7 +141,7 @@ GEM
mini_portile2 (2.4.0)
minitest (5.11.3)
mono_logger (1.1.0)
msgpack (1.2.7)
msgpack (1.2.9)
multi_json (1.13.1)
multi_xml (0.6.0)
multipart-post (2.0.0)
@@ -175,35 +176,35 @@ GEM
rack
rack-test (1.1.0)
rack (>= 1.0, < 3)
rails (5.2.2)
actioncable (= 5.2.2)
actionmailer (= 5.2.2)
actionpack (= 5.2.2)
actionview (= 5.2.2)
activejob (= 5.2.2)
activemodel (= 5.2.2)
activerecord (= 5.2.2)
activestorage (= 5.2.2)
activesupport (= 5.2.2)
rails (5.2.2.1)
actioncable (= 5.2.2.1)
actionmailer (= 5.2.2.1)
actionpack (= 5.2.2.1)
actionview (= 5.2.2.1)
activejob (= 5.2.2.1)
activemodel (= 5.2.2.1)
activerecord (= 5.2.2.1)
activestorage (= 5.2.2.1)
activesupport (= 5.2.2.1)
bundler (>= 1.3.0)
railties (= 5.2.2)
railties (= 5.2.2.1)
sprockets-rails (>= 2.0.0)
rails-dom-testing (2.0.3)
activesupport (>= 4.2.0)
nokogiri (>= 1.6)
rails-html-sanitizer (1.0.4)
loofah (~> 2.2, >= 2.2.2)
railties (5.2.2)
actionpack (= 5.2.2)
activesupport (= 5.2.2)
railties (5.2.2.1)
actionpack (= 5.2.2.1)
activesupport (= 5.2.2.1)
method_source
rake (>= 0.8.7)
thor (>= 0.19.0, < 2.0)
rainbow (3.0.0)
rake (12.3.2)
rb-fsevent (0.10.3)
rb-inotify (0.9.10)
ffi (>= 0.5.0, < 2)
rb-inotify (0.10.0)
ffi (~> 1.0)
readthis (2.2.0)
connection_pool (~> 2.1)
redis (>= 3.0, < 5.0)
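Review bot: rb-inotify 0.9.10 -> 0.10.0 in this hunk is a minor-version bump, not a patch, and it changes its ffi requirement from `ffi (>= 0.5.0, < 2)` to `ffi (~> 1.0)`; that is satisfied by the ffi 1.10.0 bump in an earlier hunk, so the lock resolves, but it is another update that is not part of the Rails fix and should be called out or reverted with a conservative update (see the earlier note). The Rails meta-gem itself is pinned cleanly: `rails (5.2.2.1)` requires every component at `(= 5.2.2.1)` including `railties (= 5.2.2.1)`, and the `railties (5.2.2.1)` spec here requires actionpack and activesupport at the same version, so the lock cannot resolve to a partially upgraded Rails. rails-html-sanitizer stays at 1.0.4, which meets the `>= 1.0.3` floor that actionview 5.2.2.1 introduced.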
@@ -237,8 +238,8 @@ GEM
unicode-display_width (~> 1.4.0)
ruby-progressbar (1.10.0)
ruby_dep (1.5.0)
safe_yaml (1.0.4)
sass (3.5.7)
safe_yaml (1.0.5)
sass (3.7.3)
sass-listen (~> 4.0.0)
sass-listen (4.0.0)
rb-fsevent (~> 0.9, >= 0.9.4)
@@ -320,7 +321,7 @@ DEPENDENCIES
pry-rails
puma (~> 3.12)
rack-cors
rails (~> 5.2.2)
rails (~> 5.2.2.1)
readthis
resque
resque-heroku-signals
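Review bot: the DEPENDENCIES entry `rails (~> 5.2.2.1)` is just the Gemfile constraint echoed by Bundler, so it inherits the over-tight `~> 5.2.2.1` range discussed on the Gemfile hunk; if the Gemfile line is changed to `'~> 5.2.2', '>= 5.2.2.1'`, this line will regenerate as `rails (~> 5.2.2, >= 5.2.2.1)` on the next `bundle install` and should be committed together with it. Nothing else in this hunk needs attention.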
