bump Rails to fix CVE-2014-7818v0.4.1.2

4 files changed, 34 insertions, 30 deletions

diff --git a/Changelog.md b/Changelog.md
index 9c0c976da..855aef878 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -1,3 +1,7 @@
+# 0.4.1.2
+
+* Update Rails, fixes [CVE-2014-7818](https://groups.google.com/forum/#!topic/rubyonrails-security/dCp7duBiQgo).
+
 # 0.4.1.1
 
 * Fix XSS issue in poll questions [#5274](https://github.com/diaspora/diaspora/issues/5274)
diff --git a/Gemfile b/Gemfile
index efca53b55..91c9ce04d 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,6 +1,6 @@
 source 'https://rubygems.org'
 
-gem 'rails', '3.2.19'
+gem 'rails', '3.2.20'
 
 # Appserver
 
diff --git a/Gemfile.lock b/Gemfile.lock
index ac931b300..4cb797264 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,12 +1,12 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    actionmailer (3.2.19)
-      actionpack (= 3.2.19)
+    actionmailer (3.2.20)
+      actionpack (= 3.2.20)
       mail (~> 2.5.4)
-    actionpack (3.2.19)
-      activemodel (= 3.2.19)
-      activesupport (= 3.2.19)
+    actionpack (3.2.20)
+      activemodel (= 3.2.20)
+      activesupport (= 3.2.20)
       builder (~> 3.0.0)
       erubis (~> 2.7.0)
       journey (~> 1.0.4)
@@ -14,20 +14,20 @@ GEM
       rack-cache (~> 1.2)
       rack-test (~> 0.6.1)
       sprockets (~> 2.2.1)
-    activemodel (3.2.19)
-      activesupport (= 3.2.19)
+    activemodel (3.2.20)
+      activesupport (= 3.2.20)
       builder (~> 3.0.0)
-    activerecord (3.2.19)
-      activemodel (= 3.2.19)
-      activesupport (= 3.2.19)
+    activerecord (3.2.20)
+      activemodel (= 3.2.20)
+      activesupport (= 3.2.20)
       arel (~> 3.0.2)
       tzinfo (~> 0.3.29)
     activerecord-import (0.3.1)
       activerecord (~> 3.0)
-    activeresource (3.2.19)
-      activemodel (= 3.2.19)
-      activesupport (= 3.2.19)
-    activesupport (3.2.19)
+    activeresource (3.2.20)
+      activemodel (= 3.2.20)
+      activesupport (= 3.2.20)
+    activesupport (3.2.20)
       i18n (~> 0.6, >= 0.6.4)
       multi_json (~> 1.0)
     acts-as-taggable-on (3.2.6)
@@ -202,7 +202,7 @@ GEM
     hashie (2.1.1)
     hike (1.2.3)
     http_accept_language (1.0.2)
-    i18n (0.6.9)
+    i18n (0.6.11)
     i18n-inflector (2.6.7)
       i18n (>= 0.4.1)
     i18n-inflector-rails (1.0.7)
@@ -317,14 +317,14 @@ GEM
       rack
     rack-test (0.6.2)
       rack (>= 1.0)
-    rails (3.2.19)
-      actionmailer (= 3.2.19)
-      actionpack (= 3.2.19)
-      activerecord (= 3.2.19)
-      activeresource (= 3.2.19)
-      activesupport (= 3.2.19)
+    rails (3.2.20)
+      actionmailer (= 3.2.20)
+      actionpack (= 3.2.20)
+      activerecord (= 3.2.20)
+      activeresource (= 3.2.20)
+      activesupport (= 3.2.20)
       bundler (~> 1.0)
-      railties (= 3.2.19)
+      railties (= 3.2.20)
     rails-i18n (0.7.4)
       i18n (~> 0.5)
     rails-timeago (2.4.0)
@@ -347,9 +347,9 @@ GEM
       sass-rails (~> 3.1)
     rails_autolink (1.1.5)
       rails (> 3.1)
-    railties (3.2.19)
-      actionpack (= 3.2.19)
-      activesupport (= 3.2.19)
+    railties (3.2.20)
+      actionpack (= 3.2.20)
+      activesupport (= 3.2.20)
       rack-ssl (~> 1.3.2)
       rake (>= 0.8.7)
       rdoc (~> 3.4)
@@ -415,7 +415,7 @@ GEM
       railties (>= 3.1)
     slop (3.5.0)
     spork (1.0.0rc4)
-    sprockets (2.2.2)
+    sprockets (2.2.3)
       hike (~> 1.2)
       multi_json (~> 1.0)
       rack (~> 1.0)
@@ -442,7 +442,7 @@ GEM
       simple_oauth (~> 0.2)
     typhoeus (0.6.8)
       ethon (>= 0.7.0)
-    tzinfo (0.3.39)
+    tzinfo (0.3.42)
     uglifier (2.5.0)
       execjs (>= 0.3.0)
       json (>= 1.8.0)
@@ -523,7 +523,7 @@ DEPENDENCIES
   rack-protection (= 1.2)
   rack-rewrite (= 1.5.0)
   rack-ssl (= 1.3.3)
-  rails (= 3.2.19)
+  rails (= 3.2.20)
   rails-i18n (= 0.7.4)
   rails-timeago (= 2.4.0)
   rails_admin (= 0.4.9)
diff --git a/config/defaults.yml b/config/defaults.yml
index 743f03e40..c7434bafd 100644
--- a/config/defaults.yml
+++ b/config/defaults.yml
@@ -4,7 +4,7 @@
 
 defaults:
   version:
-    number: "0.4.1.1" # Do not touch unless doing a release, do not backport the version number that's in master but keep develop to always say "head"
+    number: "0.4.1.2" # Do not touch unless doing a release, do not backport the version number that's in master but keep develop to always say "head"
   heroku: false
   environment:
     url: "http://localhost:3000/"