diff options
author | Jonne Haß <me@jhass.eu> | 2014-10-30 23:28:00 +0300 |
---|---|---|
committer | Jonne Haß <me@jhass.eu> | 2014-10-30 23:29:16 +0300 |
commit | 7000f39881fd0c2eba5f44904fdc575fcbd42480 (patch) | |
tree | 87ef13638dfa5187c064ce08fa552b58d2ff2757 | |
parent | 19133975f157aee70da21f9f67277af88c8e7aae (diff) |
bump Rails to fix CVE-2014-7818v0.4.1.2
-rw-r--r-- | Changelog.md | 4 | ||||
-rw-r--r-- | Gemfile | 2 | ||||
-rw-r--r-- | Gemfile.lock | 56 | ||||
-rw-r--r-- | config/defaults.yml | 2 |
4 files changed, 34 insertions, 30 deletions
diff --git a/Changelog.md b/Changelog.md index 9c0c976da..855aef878 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,3 +1,7 @@ +# 0.4.1.2 + +* Update Rails, fixes [CVE-2014-7818](https://groups.google.com/forum/#!topic/rubyonrails-security/dCp7duBiQgo). + # 0.4.1.1 * Fix XSS issue in poll questions [#5274](https://github.com/diaspora/diaspora/issues/5274) @@ -1,6 +1,6 @@ source 'https://rubygems.org' -gem 'rails', '3.2.19' +gem 'rails', '3.2.20' # Appserver diff --git a/Gemfile.lock b/Gemfile.lock index ac931b300..4cb797264 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,12 +1,12 @@ GEM remote: https://rubygems.org/ specs: - actionmailer (3.2.19) - actionpack (= 3.2.19) + actionmailer (3.2.20) + actionpack (= 3.2.20) mail (~> 2.5.4) - actionpack (3.2.19) - activemodel (= 3.2.19) - activesupport (= 3.2.19) + actionpack (3.2.20) + activemodel (= 3.2.20) + activesupport (= 3.2.20) builder (~> 3.0.0) erubis (~> 2.7.0) journey (~> 1.0.4) @@ -14,20 +14,20 @@ GEM rack-cache (~> 1.2) rack-test (~> 0.6.1) sprockets (~> 2.2.1) - activemodel (3.2.19) - activesupport (= 3.2.19) + activemodel (3.2.20) + activesupport (= 3.2.20) builder (~> 3.0.0) - activerecord (3.2.19) - activemodel (= 3.2.19) - activesupport (= 3.2.19) + activerecord (3.2.20) + activemodel (= 3.2.20) + activesupport (= 3.2.20) arel (~> 3.0.2) tzinfo (~> 0.3.29) activerecord-import (0.3.1) activerecord (~> 3.0) - activeresource (3.2.19) - activemodel (= 3.2.19) - activesupport (= 3.2.19) - activesupport (3.2.19) + activeresource (3.2.20) + activemodel (= 3.2.20) + activesupport (= 3.2.20) + activesupport (3.2.20) i18n (~> 0.6, >= 0.6.4) multi_json (~> 1.0) acts-as-taggable-on (3.2.6) @@ -202,7 +202,7 @@ GEM hashie (2.1.1) hike (1.2.3) http_accept_language (1.0.2) - i18n (0.6.9) + i18n (0.6.11) i18n-inflector (2.6.7) i18n (>= 0.4.1) i18n-inflector-rails (1.0.7) @@ -317,14 +317,14 @@ GEM rack rack-test (0.6.2) rack (>= 1.0) - rails (3.2.19) - actionmailer (= 3.2.19) - actionpack (= 3.2.19) - activerecord (= 3.2.19) - activeresource (= 3.2.19) - activesupport (= 3.2.19) + rails (3.2.20) + actionmailer (= 3.2.20) + actionpack (= 3.2.20) + activerecord (= 3.2.20) + activeresource (= 3.2.20) + activesupport (= 3.2.20) bundler (~> 1.0) - railties (= 3.2.19) + railties (= 3.2.20) rails-i18n (0.7.4) i18n (~> 0.5) rails-timeago (2.4.0) @@ -347,9 +347,9 @@ GEM sass-rails (~> 3.1) rails_autolink (1.1.5) rails (> 3.1) - railties (3.2.19) - actionpack (= 3.2.19) - activesupport (= 3.2.19) + railties (3.2.20) + actionpack (= 3.2.20) + activesupport (= 3.2.20) rack-ssl (~> 1.3.2) rake (>= 0.8.7) rdoc (~> 3.4) @@ -415,7 +415,7 @@ GEM railties (>= 3.1) slop (3.5.0) spork (1.0.0rc4) - sprockets (2.2.2) + sprockets (2.2.3) hike (~> 1.2) multi_json (~> 1.0) rack (~> 1.0) @@ -442,7 +442,7 @@ GEM simple_oauth (~> 0.2) typhoeus (0.6.8) ethon (>= 0.7.0) - tzinfo (0.3.39) + tzinfo (0.3.42) uglifier (2.5.0) execjs (>= 0.3.0) json (>= 1.8.0) @@ -523,7 +523,7 @@ DEPENDENCIES rack-protection (= 1.2) rack-rewrite (= 1.5.0) rack-ssl (= 1.3.3) - rails (= 3.2.19) + rails (= 3.2.20) rails-i18n (= 0.7.4) rails-timeago (= 2.4.0) rails_admin (= 0.4.9) diff --git a/config/defaults.yml b/config/defaults.yml index 743f03e40..c7434bafd 100644 --- a/config/defaults.yml +++ b/config/defaults.yml @@ -4,7 +4,7 @@ defaults: version: - number: "0.4.1.1" # Do not touch unless doing a release, do not backport the version number that's in master but keep develop to always say "head" + number: "0.4.1.2" # Do not touch unless doing a release, do not backport the version number that's in master but keep develop to always say "head" heroku: false environment: url: "http://localhost:3000/" |