author | Robert Speicher <rspeicher@gmail.com> | 2015-12-18 13:19:33 -0500 |
---|---|---|
committer | Robert Speicher <rspeicher@gmail.com> | 2015-12-18 13:20:17 -0500 |
commit | e5e4405747ec4025d8eefb5652bda2a83c283a13 (patch) | |
tree | d794d3a5c5084cb5d6f672d881d7cfa1342375d6 | |
parent | 22e65944ee8695cc6108dbb8cc0b4ed729e1c265 (diff) | |
Explicitly require Nokogiri 1.6.7.1 due to security issue
rs-bump-nokogiri
Name: nokogiri
Version: 1.6.7
Advisory: CVE-2015-5312
Criticality: High
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s
Title: Nokogiri gem contains several vulnerabilities in libxml2
Solution: upgrade to >= 1.6.7.1
-rw-r--r-- | Gemfile | 3 | ||||
-rw-r--r-- | Gemfile.lock | 3 |
2 files changed, 5 insertions, 1 deletions
@@ -101,6 +101,9 @@ gem 'wikicloth', '0.8.1' gem 'asciidoctor', '~> 1.5.2' gem 'rouge', '~> 1.10.1' +# See https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s +gem 'nokogiri', '1.6.7.1' + # Diffs gem 'diffy', '~> 3.0.3' diff --git a/Gemfile.lock b/Gemfile.lock index 88c7a6e3424..c1c01835e4b 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -420,7 +420,7 @@ GEM grape newrelic_rpm newrelic_rpm (3.9.4.245) - nokogiri (1.6.7) + nokogiri (1.6.7.1) mini_portile2 (~> 2.0.0.rc2) nprogress-rails (0.1.6.7) oauth (0.4.7) @@ -888,6 +888,7 @@ DEPENDENCIES net-ssh (~> 3.0.1) newrelic-grape newrelic_rpm (~> 3.9.4.245) + nokogiri (= 1.6.7.1) nprogress-rails (~> 0.1.6.7) oauth2 (~> 1.0.0) octokit (~> 3.7.0) |
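Review bot: In the Gemfile hunk, `gem 'nokogiri', '1.6.7.1'` is an exact pin, so Bundler will also refuse any later nokogiri release until this line is edited again. The advisory quoted in the commit message gives the solution as "upgrade to >= 1.6.7.1", so a floor such as `gem 'nokogiri', '>= 1.6.7.1'` (or `'~> 1.6.7', '>= 1.6.7.1'` to stay on the 1.6 series) expresses that directly. The comment above the line carries only the mailing-list URL; naming CVE-2015-5312 there would make the reason searchable from the Gemfile itself.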
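Review bot: In the Gemfile.lock DEPENDENCIES hunk, `nokogiri (= 1.6.7.1)` is added with no line removed, so nokogiri becomes a direct dependency here only to force the resolved version. The Gemfile comment should say that, so the entry can be relaxed or dropped later without anyone having to rediscover why it exists. The GEM hunk is consistent with the Gemfile change: `nokogiri (1.6.7)` becomes `nokogiri (1.6.7.1)` and the `mini_portile2 (~> 2.0.0.rc2)` requirement is unchanged.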