Skip to content

Commit

Permalink
Fix: Update loofah
Browse files Browse the repository at this point in the history 
loofah Version: 2.2.2 Advisory: CVE-2018-16468 Criticality: Unknown URL: flavorjones/loofah#154 Title: Loofah XSS Vulnerability Solution: upgrade to >= 2.2.3
  • Loading branch information
dgt committed Nov 6, 2018
1 parent 8a7a3de commit 4eb1337
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 1 deletion.
9 changes: 9 additions & 0 deletions Gemfile
View file
Expand Up @@ -61,6 +61,15 @@ gem 'thinking-sphinx', '~> 3.4.2'
# Enhanced Tagging lib. Used to tag pages
gem 'acts-as-taggable-on', '~> 4.0'

##
# security updates
##
#
# CVE-2018-16468 Criticality: Unknown URL:
# https://github.com/flavorjones/loofah/issues/154 Title: Loofah XSS
# Vulnerability
gem 'loofah', '~> 2.2.3'

##
# Upgrade pending
##
Expand Down
3 changes: 2 additions & 1 deletion Gemfile.lock
View file
Expand Up @@ -122,7 +122,7 @@ GEM
activerecord (>= 4.1.0)
json (1.8.6)
libv8 (3.16.14.17)
loofah (2.2.2)
loofah (2.2.3)
crass (~> 1.0.2)
nokogiri (>= 1.5.9)
mail (2.7.0)
Expand Down Expand Up @@ -267,6 +267,7 @@ DEPENDENCIES
http_accept_language (~> 2.0)
i18n (~> 0.7)
json (~> 1.8)
loofah (~> 2.2.3)
mail-gpg (~> 0.3.3)
mime-types
minitest
Expand Down

0 comments on commit 4eb1337

Please sign in to comment.