author | Dennis Schubert <mail@dennis-schubert.de> | 2016-01-22 03:38:51 +0300 |
---|---|---|
committer | Dennis Schubert <mail@dennis-schubert.de> | 2016-01-22 03:38:51 +0300 |
commit | cd119f319364cd0751abe454fb9d0f110355ea86 (patch) | |
tree | 621918b18f3590ef2e3f2b198fed7f24d8f3f0db | |
parent | 5aef0441e827d7b61c7dfdf6a9ae53b8a20c1be7 (diff) | |
parent | a8008571b3a171163050c0f648070a05b6617a5c (diff) |
Merge branch 'hotfix/0.5.6.1'v0.5.6.1
-rw-r--r-- | Changelog.md | 5 | ||||
-rw-r--r-- | Gemfile | 4 | ||||
-rw-r--r-- | Gemfile.lock | 10 | ||||
-rw-r--r-- | config/defaults.yml | 2 |
4 files changed, 13 insertions, 8 deletions
diff --git a/Changelog.md b/Changelog.md index 83e92340c..c6bb6cd75 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,3 +1,8 @@ +# 0.5.6.1 + +* Fix Nokogiri CVE-2015-7499 +* Fix unsafe "Remember me" cookies in Devise + # 0.5.6.0 ## Refactor @@ -22,7 +22,7 @@ gem "json-schema", "2.5.2" # Authentication -gem "devise", "3.5.3" +gem "devise", "3.5.4" gem "devise_lastseenable", "0.0.6" gem "devise-token_authenticatable", "~> 0.4.0" @@ -126,7 +126,7 @@ gem "messagebus_ruby_api", "1.0.3" # Parsing -gem "nokogiri", "1.6.7.1" +gem "nokogiri", "1.6.7.2" gem "redcarpet", "3.3.4" gem "twitter-text", "1.13.0" gem "roxml", "3.1.6" diff --git a/Gemfile.lock b/Gemfile.lock index f55ff7696..44908d837 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -131,7 +131,7 @@ GEM nokogiri (~> 1.5) rails (>= 3, < 5) database_cleaner (1.5.1) - devise (3.5.3) + devise (3.5.4) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) @@ -458,7 +458,7 @@ GEM nenv (0.2.0) nested_form (0.3.2) nio4r (1.2.0) - nokogiri (1.6.7.1) + nokogiri (1.6.7.2) mini_portile2 (~> 2.0.0.rc2) notiffany (0.0.8) nenv (~> 0.1) @@ -607,7 +607,7 @@ GEM thor (>= 0.18.1, < 2.0) rainbow (2.0.0) raindrops (0.15.0) - rake (10.4.2) + rake (10.5.0) rb-fsevent (0.9.6) rb-inotify (0.9.5) ffi (>= 0.5.0) @@ -788,7 +788,7 @@ DEPENDENCIES configurate (= 0.3.1) cucumber-rails (= 1.4.2) database_cleaner (= 1.5.1) - devise (= 3.5.3) + devise (= 3.5.4) devise-token_authenticatable (~> 0.4.0) devise_lastseenable (= 0.0.6) diaspora-vines (~> 0.2.0.develop) @@ -830,7 +830,7 @@ DEPENDENCIES minitest mobile-fu (= 1.3.1) mysql2 (= 0.3.20) - nokogiri (= 1.6.7.1) + nokogiri (= 1.6.7.2) omniauth (= 1.3.1) omniauth-facebook (= 3.0.0) omniauth-tumblr (= 1.2) diff --git a/config/defaults.yml b/config/defaults.yml index fe8d32205..6e6a46f7d 100644 --- a/config/defaults.yml +++ b/config/defaults.yml 
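Review bot: The `gem "nokogiri", "1.6.7.2"` pin in the Gemfile hunk at `@@ -126,7 +126,7 @@` closes CVE-2015-7499 only for installs that compile Nokogiri against its bundled libxml2; as far as I know, the 1.6.7.2 fix is a patch to that vendored copy rather than to Nokogiri's own code. A pod that builds the gem against the distribution's libxml2 (for example with `NOKOGIRI_USE_SYSTEM_LIBRARIES` set) keeps the vulnerable parser until the system package is updated, and nothing in this commit tells the operator that. I would say so next to the Changelog entry, e.g. `* Fix Nokogiri CVE-2015-7499 (pods that build Nokogiri against the system libxml2 must also update that package)`.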
@@ -4,7 +4,7 @@ defaults: version: - number: "0.5.6.0" # Do not touch unless doing a release, do not backport the version number that's in master + number: "0.5.6.1" # Do not touch unless doing a release, do not backport the version number that's in master heroku: false environment: url: "http://localhost:3000/" |