author | Dennis Schubert <mail@dennis-schubert.de> | 2017-03-29 23:29:22 +0300 |
---|---|---|
committer | Dennis Schubert <mail@dennis-schubert.de> | 2017-03-29 23:29:56 +0300 |
commit | 2b32e9b5927d079c301f913e4f21a1105405b131 (patch) | |
tree | d0f8a1a177ebc3e52f3f9b6b23ffa253b5b660b6 | |
parent | a9c282d98609b4c09d38aa86fff5d1ab7af4f77f (diff) | |
parent | 610f39e991a8468a92af13bf2f8265b9c0221786 (diff) |
Merge branch 'hotfix/0.6.4.1' v0.6.4.1
-rw-r--r-- | Changelog.md | 4 | ||||
-rw-r--r-- | Gemfile | 2 | ||||
-rw-r--r-- | Gemfile.lock | 4 | ||||
-rw-r--r-- | config/defaults.yml | 2 |
4 files changed, 8 insertions, 4 deletions
diff --git a/Changelog.md b/Changelog.md index b360d79b8..e32666734 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,3 +1,7 @@ +# 0.6.4.1 + +Fixes a possible Remote Code Execution ([CVE-2016-4658](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658)) and a possible DoS ([CVE-2016-5131](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131)) by updating Nokogiri, which in turn updates libxml2. + # 0.6.4.0 ## Refactor @@ -132,7 +132,7 @@ gem "leaflet-rails", "0.7.7" # Parsing -gem "nokogiri", "1.7.0.1" +gem "nokogiri", "1.7.1" gem "open_graph_reader", "0.6.2" # also update User-Agent in features/support/webmock.rb gem "redcarpet", "3.4.0" gem "ruby-oembed", "0.10.1" diff --git a/Gemfile.lock b/Gemfile.lock index 562226990..880e2415f 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -395,7 +395,7 @@ GEM nenv (0.3.0) nested_form (0.3.2) nio4r (2.0.0) - nokogiri (1.7.0.1) + nokogiri (1.7.1) mini_portile2 (~> 2.1.0) notiffany (0.1.1) nenv (~> 0.1) @@ -845,7 +845,7 @@ DEPENDENCIES minitest mobile-fu (= 1.3.1) mysql2 (= 0.4.5) - nokogiri (= 1.7.0.1) + nokogiri (= 1.7.1) omniauth (= 1.4.2) omniauth-facebook (= 4.0.0) omniauth-tumblr (= 1.2) diff --git a/config/defaults.yml b/config/defaults.yml index 8a58394a1..5c29c1166 100644 --- a/config/defaults.yml +++ b/config/defaults.yml @@ -4,7 +4,7 @@ defaults: version: - number: "0.6.4.0" # Do not touch unless doing a release, do not backport the version number that's in master + number: "0.6.4.1" # Do not touch unless doing a release, do not backport the version number that's in master heroku: false environment: url: "http://localhost:3000/" |