authorDmitriy Zaporozhets <dzaporozhets@gitlab.com>2015-03-20 16:28:31 +0000
committerDmitriy Zaporozhets <dzaporozhets@gitlab.com>2015-03-20 16:28:31 +0000
commit478f92d2c254f987db926297402080ec60eaf2d1 (patch)
tree0a5c6ba6230ee27af488bdca5f7ca9cad6604749
parentc6dd117c71a326a09a1e6d546d6d0c98a21e3f1d (diff)
parent484524e0968e168183a8e22599e062d29d1d81fe (diff)
downloadgitlab-ce-478f92d2c254f987db926297402080ec60eaf2d1.tar.gz
Merge branch 'security_fixes' into 'master'
[security] gems update. [doorkeeper] added filtering of sensitive information (like the secret key) from production.log. [gollum-lib] fixes remote code execution (in the search field). We don't have search for the wiki, but it is better to have this fix. Nothing critical!!! Related to #2143. See merge request !1732
-rw-r--r--Gemfile4
-rw-r--r--Gemfile.lock18
2 files changed, 11 insertions, 11 deletions
diff --git a/Gemfile b/Gemfile
index 128c0b4526b..285ccf32b66 100644
--- a/Gemfile
+++ b/Gemfile
@@ -31,7 +31,7 @@ gem 'omniauth-shibboleth'
gem 'omniauth-kerberos'
gem 'omniauth-gitlab'
gem 'omniauth-bitbucket'
-gem 'doorkeeper', '2.1.0'
+gem 'doorkeeper', '2.1.3'
gem "rack-oauth2", "~> 1.0.5"
# Browser detection
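Review bot: Nothing in the Gemfile records that `gem 'doorkeeper', '2.1.3'` here and `gem 'gollum-lib', '~> 4.0.2'` in the next hunk are security floors, so a later dependency cleanup could relax or revert them without noticing. I would add a comment above each line, for example `# >= 2.1.3: filters sensitive OAuth values (e.g. the secret key) from production.log` and `# >= 4.0.2: fixes remote code execution via the search field`, with the issue reference from the merge request. Going by the description, the doorkeeper fix presumably only affects log lines written after the upgrade, so any production.log produced under 2.1.0 may still hold application secrets and is worth checking and rotating. The exact pin on doorkeeper also means later patch-level security releases need a manual bump, whereas the `~>` constraint on gollum-lib picks them up.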
@@ -48,7 +48,7 @@ gem 'gitlab-grack', '~> 2.0.0.rc2', require: 'grack'
gem 'gitlab_omniauth-ldap', '1.2.1', require: "omniauth-ldap"
# Git Wiki
-gem 'gollum-lib', '~> 4.0.0'
+gem 'gollum-lib', '~> 4.0.2'
# Language detection
gem "gitlab-linguist", "~> 3.0.1", require: "linguist"
diff --git a/Gemfile.lock b/Gemfile.lock
index 54753f5e016..80eebc16e4c 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -136,8 +136,8 @@ GEM
diff-lcs (1.2.5)
diffy (3.0.3)
docile (1.1.5)
- doorkeeper (2.1.0)
- railties (>= 3.1)
+ doorkeeper (2.1.3)
+ railties (>= 3.2)
dotenv (0.9.0)
dropzonejs-rails (0.4.14)
rails (> 3.1)
@@ -223,11 +223,11 @@ GEM
omniauth (~> 1.0)
pyu-ruby-sasl (~> 0.0.3.1)
rubyntlm (~> 0.3)
- gollum-grit_adapter (0.1.0)
- gitlab-grit (~> 2.7.1)
- gollum-lib (4.0.0)
+ gollum-grit_adapter (0.1.3)
+ gitlab-grit (~> 2.7, >= 2.7.1)
+ gollum-lib (4.0.2)
github-markup (~> 1.3.1)
- gollum-grit_adapter (~> 0.1.0)
+ gollum-grit_adapter (~> 0.1, >= 0.1.1)
nokogiri (~> 1.6.4)
rouge (~> 1.7.4)
sanitize (~> 2.1.0)
@@ -480,7 +480,7 @@ GEM
rest-client (1.6.7)
mime-types (>= 1.16)
rinku (1.7.3)
- rouge (1.7.4)
+ rouge (1.7.7)
rspec (2.99.0)
rspec-core (~> 2.99.0)
rspec-expectations (~> 2.99.0)
@@ -683,7 +683,7 @@ DEPENDENCIES
devise (= 3.2.4)
devise-async (= 0.9.0)
diffy (~> 3.0.3)
- doorkeeper (= 2.1.0)
+ doorkeeper (= 2.1.3)
dropzonejs-rails
email_spec
enumerize
@@ -701,7 +701,7 @@ DEPENDENCIES
gitlab_git (~> 7.1.2)
gitlab_meta (= 7.0)
gitlab_omniauth-ldap (= 1.2.1)
- gollum-lib (~> 4.0.0)
+ gollum-lib (~> 4.0.2)
gon (~> 5.0.0)
grape (~> 0.6.1)
grape-entity (~> 0.4.2)