github.com/diaspora/diaspora.git - Unnamed repository; edit this file 'description' to name the repository.
authorDennis Schubert <mail@dennis-schubert.de>2016-01-22 03:38:51 +0300
committerDennis Schubert <mail@dennis-schubert.de>2016-01-22 03:38:51 +0300
commitcd119f319364cd0751abe454fb9d0f110355ea86 (patch)
tree621918b18f3590ef2e3f2b198fed7f24d8f3f0db
parent5aef0441e827d7b61c7dfdf6a9ae53b8a20c1be7 (diff)
parenta8008571b3a171163050c0f648070a05b6617a5c (diff)
Merge branch 'hotfix/0.5.6.1'v0.5.6.1
-rw-r--r--Changelog.md5
-rw-r--r--Gemfile4
-rw-r--r--Gemfile.lock10
-rw-r--r--config/defaults.yml2
4 files changed, 13 insertions, 8 deletions
diff --git a/Changelog.md b/Changelog.md
index 83e92340c..c6bb6cd75 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -1,3 +1,8 @@
+# 0.5.6.1
+
+* Fix Nokogiri CVE-2015-7499
+* Fix unsafe "Remember me" cookies in Devise
+
# 0.5.6.0
## Refactor
diff --git a/Gemfile b/Gemfile
index 2351ff5da..1c19b22ce 100644
--- a/Gemfile
+++ b/Gemfile
@@ -22,7 +22,7 @@ gem "json-schema", "2.5.2"
# Authentication
-gem "devise", "3.5.3"
+gem "devise", "3.5.4"
gem "devise_lastseenable", "0.0.6"
gem "devise-token_authenticatable", "~> 0.4.0"
@@ -126,7 +126,7 @@ gem "messagebus_ruby_api", "1.0.3"
# Parsing
-gem "nokogiri", "1.6.7.1"
+gem "nokogiri", "1.6.7.2"
gem "redcarpet", "3.3.4"
gem "twitter-text", "1.13.0"
gem "roxml", "3.1.6"
diff --git a/Gemfile.lock b/Gemfile.lock
index f55ff7696..44908d837 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -131,7 +131,7 @@ GEM
nokogiri (~> 1.5)
rails (>= 3, < 5)
database_cleaner (1.5.1)
- devise (3.5.3)
+ devise (3.5.4)
bcrypt (~> 3.0)
orm_adapter (~> 0.1)
railties (>= 3.2.6, < 5)
@@ -458,7 +458,7 @@ GEM
nenv (0.2.0)
nested_form (0.3.2)
nio4r (1.2.0)
- nokogiri (1.6.7.1)
+ nokogiri (1.6.7.2)
mini_portile2 (~> 2.0.0.rc2)
notiffany (0.0.8)
nenv (~> 0.1)
@@ -607,7 +607,7 @@ GEM
thor (>= 0.18.1, < 2.0)
rainbow (2.0.0)
raindrops (0.15.0)
- rake (10.4.2)
+ rake (10.5.0)
rb-fsevent (0.9.6)
rb-inotify (0.9.5)
ffi (>= 0.5.0)
@@ -788,7 +788,7 @@ DEPENDENCIES
configurate (= 0.3.1)
cucumber-rails (= 1.4.2)
database_cleaner (= 1.5.1)
- devise (= 3.5.3)
+ devise (= 3.5.4)
devise-token_authenticatable (~> 0.4.0)
devise_lastseenable (= 0.0.6)
diaspora-vines (~> 0.2.0.develop)
@@ -830,7 +830,7 @@ DEPENDENCIES
minitest
mobile-fu (= 1.3.1)
mysql2 (= 0.3.20)
- nokogiri (= 1.6.7.1)
+ nokogiri (= 1.6.7.2)
omniauth (= 1.3.1)
omniauth-facebook (= 3.0.0)
omniauth-tumblr (= 1.2)
diff --git a/config/defaults.yml b/config/defaults.yml
index fe8d32205..6e6a46f7d 100644
--- a/config/defaults.yml
+++ b/config/defaults.yml
@@ -4,7 +4,7 @@
defaults:
version:
- number: "0.5.6.0" # Do not touch unless doing a release, do not backport the version number that's in master
+ number: "0.5.6.1" # Do not touch unless doing a release, do not backport the version number that's in master
heroku: false
environment:
url: "http://localhost:3000/"