From d97903a3587e137316adbd8a9f0460552b5bfbcd Mon Sep 17 00:00:00 2001
From: Patrick Figel
Date: Wed, 21 Mar 2018 17:43:28 +0100
Subject: Update sanitize and loofah (#6855)

Fixes CVE-2018-8048 and CVE-2018-3740, two medium-severity XSS vulnerabilities present in these gems when built against libxml2 >= 2.9.2.
---
 Gemfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'Gemfile')

diff --git a/Gemfile b/Gemfile
index fe5bf572c..8bc28b893 100644
--- a/Gemfile
+++ b/Gemfile
@@ -71,7 +71,7 @@ gem 'mario-redis-lock', '~> 1.2', require: 'redis_lock'
 gem 'rqrcode', '~> 0.10'
 gem 'ruby-oembed', '~> 0.12', require: 'oembed'
 gem 'ruby-progressbar', '~> 1.4'
-gem 'sanitize', '~> 4.4'
+gem 'sanitize', '~> 4.6.4'
 gem 'sidekiq', '~> 5.0'
 gem 'sidekiq-scheduler', '~> 2.1'
 gem 'sidekiq-unique-jobs', '~> 5.0'
-- cgit