summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRobert Speicher <rspeicher@gmail.com>2015-12-18 13:19:33 -0500
committerRobert Speicher <rspeicher@gmail.com>2015-12-18 13:20:17 -0500
commite5e4405747ec4025d8eefb5652bda2a83c283a13 (patch)
treed794d3a5c5084cb5d6f672d881d7cfa1342375d6
parent22e65944ee8695cc6108dbb8cc0b4ed729e1c265 (diff)
downloadgitlab-ce-e5e4405747ec4025d8eefb5652bda2a83c283a13.tar.gz
Explicitly require Nokogiri 1.6.7.1 due to security issuers-bump-nokogiri
Name: nokogiri Version: 1.6.7 Advisory: CVE-2015-5312 Criticality: High URL: https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s Title: Nokogiri gem contains several vulnerabilities in libxml2 Solution: upgrade to >= 1.6.7.1
-rw-r--r--Gemfile3
-rw-r--r--Gemfile.lock3
2 files changed, 5 insertions, 1 deletions
diff --git a/Gemfile b/Gemfile
index 76b4759499e..26cd52e54d2 100644
--- a/Gemfile
+++ b/Gemfile
@@ -101,6 +101,9 @@ gem 'wikicloth', '0.8.1'
gem 'asciidoctor', '~> 1.5.2'
gem 'rouge', '~> 1.10.1'
+# See https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s
+gem 'nokogiri', '1.6.7.1'
+
# Diffs
gem 'diffy', '~> 3.0.3'
diff --git a/Gemfile.lock b/Gemfile.lock
index 88c7a6e3424..c1c01835e4b 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -420,7 +420,7 @@ GEM
grape
newrelic_rpm
newrelic_rpm (3.9.4.245)
- nokogiri (1.6.7)
+ nokogiri (1.6.7.1)
mini_portile2 (~> 2.0.0.rc2)
nprogress-rails (0.1.6.7)
oauth (0.4.7)
@@ -888,6 +888,7 @@ DEPENDENCIES
net-ssh (~> 3.0.1)
newrelic-grape
newrelic_rpm (~> 3.9.4.245)
+ nokogiri (= 1.6.7.1)
nprogress-rails (~> 0.1.6.7)
oauth2 (~> 1.0.0)
octokit (~> 3.7.0)