authorPatrick Figel <patrick@figel.email>2018-03-21 17:43:28 +0100
committerEugen Rochko <eugen@zeonfederated.com>2018-03-21 17:43:28 +0100
commitd97903a3587e137316adbd8a9f0460552b5bfbcd (patch)
treec9a8b4c535a8837aa6f88dcd68e3e2a2d63e71a4
parent93897134caf42f1b70620282cef04865af7026b1 (diff)
Update sanitize and loofah (#6855)
Fixes CVE-2018-8048 and CVE-2018-3740, two medium-severity XSS
vulnerabilities present in these gems when built against
libxml2 >= 2.9.2.
-rw-r--r--Gemfile2
-rw-r--r--Gemfile.lock12
2 files changed, 7 insertions, 7 deletions
diff --git a/Gemfile b/Gemfile
index fe5bf572c..8bc28b893 100644
--- a/Gemfile
+++ b/Gemfile
@@ -71,7 +71,7 @@ gem 'mario-redis-lock', '~> 1.2', require: 'redis_lock'
 gem 'rqrcode', '~> 0.10'
 gem 'ruby-oembed', '~> 0.12', require: 'oembed'
 gem 'ruby-progressbar', '~> 1.4'
-gem 'sanitize', '~> 4.4'
+gem 'sanitize', '~> 4.6.4'
 gem 'sidekiq', '~> 5.0'
 gem 'sidekiq-scheduler', '~> 2.1'
 gem 'sidekiq-unique-jobs', '~> 5.0'
diff --git a/Gemfile.lock b/Gemfile.lock
index ca6365c74..7360ce7f6 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -288,7 +288,7 @@ GEM
       activesupport (>= 4, < 5.2)
       railties (>= 4, < 5.2)
       request_store (~> 1.0)
-    loofah (2.1.1)
+    loofah (2.2.1)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mail (2.7.0)
@@ -316,9 +316,9 @@ GEM
       net-ssh (>= 2.6.5)
     net-ssh (4.2.0)
     nio4r (2.1.0)
-    nokogiri (1.8.1)
+    nokogiri (1.8.2)
       mini_portile2 (~> 2.3.0)
-    nokogumbo (1.4.13)
+    nokogumbo (1.5.0)
       nokogiri
     nsa (0.2.4)
       activesupport (>= 4.2, < 6)
@@ -496,10 +496,10 @@ GEM
     rufus-scheduler (3.4.2)
       et-orbi (~> 1.0)
     safe_yaml (1.0.4)
-    sanitize (4.5.0)
+    sanitize (4.6.4)
       crass (~> 1.0.2)
       nokogiri (>= 1.4.4)
-      nokogumbo (~> 1.4.1)
+      nokogumbo (~> 1.4)
     sass (3.5.3)
       sass-listen (~> 4.0.0)
     sass-listen (4.0.0)
@@ -699,7 +699,7 @@ DEPENDENCIES
   rubocop
   ruby-oembed (~> 0.12)
   ruby-progressbar (~> 1.4)
-  sanitize (~> 4.4)
+  sanitize (~> 4.6.4)
   scss_lint (~> 0.55)
   sidekiq (~> 5.0)
   sidekiq-bulk (~> 0.1.1)