From 7b30c4237b429854d37c1867a9f12c7329e90626 Mon Sep 17 00:00:00 2001 From: Daniel O'Connor Date: Tue, 11 Aug 2015 10:28:07 +0930 Subject: [PATCH] Name: activesupport Version: 4.1.9 Advisory: CVE-2015-3227 Criticality: Unknown URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bahr2JLnxvk Title: Possible Denial of Service attack in Active Support Solution: upgrade to >= 4.2.2, ~> 4.1.11, ~> 3.2.22 Name: activesupport Version: 4.1.9 Advisory: CVE-2015-3226 Criticality: Unknown URL: https://groups.google.com/forum/#!topic/ruby-security-ann/7VlB_pck3hU Title: XSS Vulnerability in ActiveSupport::JSON.encode Solution: upgrade to >= 4.2.2, ~> 4.1.11 --- Gemfile | 2 +- Gemfile.lock | 68 ++++++++++++++++++++++++++-------------------------- 2 files changed, 35 insertions(+), 35 deletions(-) diff --git a/Gemfile b/Gemfile index 0cd47ce40..8a26f1058 100644 --- a/Gemfile +++ b/Gemfile @@ -2,7 +2,7 @@ source 'https://rubygems.org' ruby '2.1.5' -gem 'rails', '4.1.9' +gem 'rails', '4.1.11' gem 'bundler', '>=1.1.5' diff --git a/Gemfile.lock b/Gemfile.lock index a0d524eac..e9a80a0a4 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -20,29 +20,29 @@ PATH GEM remote: https://rubygems.org/ specs: - actionmailer (4.1.9) - actionpack (= 4.1.9) - actionview (= 4.1.9) + actionmailer (4.1.11) + actionpack (= 4.1.11) + actionview (= 4.1.11) mail (~> 2.5, >= 2.5.4) - actionpack (4.1.9) - actionview (= 4.1.9) - activesupport (= 4.1.9) + actionpack (4.1.11) + actionview (= 4.1.11) + activesupport (= 4.1.11) rack (~> 1.5.2) rack-test (~> 0.6.2) - actionview (4.1.9) - activesupport (= 4.1.9) + actionview (4.1.11) + activesupport (= 4.1.11) builder (~> 3.1) erubis (~> 2.7.0) active_link_to (1.0.2) actionpack - activemodel (4.1.9) - activesupport (= 4.1.9) + activemodel (4.1.11) + activesupport (= 4.1.11) builder (~> 3.1) - activerecord (4.1.9) - activemodel (= 4.1.9) - activesupport (= 4.1.9) + activerecord (4.1.11) + activemodel (= 4.1.11) + activesupport (= 4.1.11) arel (~> 5.0.0) - activesupport (4.1.9) + activesupport (4.1.11) i18n (~> 0.6, >= 0.6.9) json (~> 1.7, >= 1.7.7) minitest (~> 5.1) @@ -234,7 +234,7 @@ GEM js-routes (0.9.9) railties (>= 3.2) sprockets-rails - json (1.8.2) + json (1.8.3) kaminari (0.16.3) actionpack (>= 3.0.0) activesupport (>= 3.0.0) @@ -263,10 +263,10 @@ GEM mime-types (>= 1.16, < 3) memcachier (0.0.2) method_source (0.8.2) - mime-types (2.4.3) + mime-types (2.6.1) mini_portile (0.6.1) - minitest (5.5.1) - multi_json (1.10.1) + minitest (5.8.0) + multi_json (1.11.2) multi_xml (0.5.5) multipart-post (2.0.0) nenv (0.2.0) @@ -309,18 +309,18 @@ GEM slop (~> 3.4) quiet_assets (1.1.0) railties (>= 3.1, < 5.0) - rack (1.5.2) + rack (1.5.5) rack-test (0.6.3) rack (>= 1.0) - rails (4.1.9) - actionmailer (= 4.1.9) - actionpack (= 4.1.9) - actionview (= 4.1.9) - activemodel (= 4.1.9) - activerecord (= 4.1.9) - activesupport (= 4.1.9) + rails (4.1.11) + actionmailer (= 4.1.11) + actionpack (= 4.1.11) + actionview (= 4.1.11) + activemodel (= 4.1.11) + activerecord (= 4.1.11) + activesupport (= 4.1.11) bundler (>= 1.3.0, < 2.0) - railties (= 4.1.9) + railties (= 4.1.11) sprockets-rails (~> 2.0) rails-i18n (4.0.3) i18n (~> 0.6) @@ -330,9 +330,9 @@ GEM rails_stdout_logging rails_serve_static_assets (0.0.2) rails_stdout_logging (0.0.3) - railties (4.1.9) - actionpack (= 4.1.9) - activesupport (= 4.1.9) + railties (4.1.11) + actionpack (= 4.1.11) + activesupport (= 4.1.11) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) raindrops (0.13.0) @@ -387,12 +387,12 @@ GEM simplecov-html (~> 0.8.0) simplecov-html (0.8.0) slop (3.6.0) - sprockets (2.12.3) + sprockets (2.12.4) hike (~> 1.2) multi_json (~> 1.0) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) - sprockets-rails (2.2.2) + sprockets-rails (2.3.2) actionpack (>= 3.0) activesupport (>= 3.0) sprockets (>= 2.8, < 4.0) @@ -404,7 +404,7 @@ GEM ref thor (0.19.1) thread (0.1.4) - thread_safe (0.3.4) + thread_safe (0.3.5) tilt (1.4.1) tins (1.3.3) tzinfo (1.2.2) @@ -488,7 +488,7 @@ DEPENDENCIES poltergeist (~> 1.6) pry quiet_assets - rails (= 4.1.9) + rails (= 4.1.11) rails_12factor rake (>= 10.0.0) rspec-activemodel-mocks