author | Dmitriy Zaporozhets <dzaporozhets@gitlab.com> | 2015-03-20 16:28:31 +0000 |
---|---|---|
committer | Dmitriy Zaporozhets <dzaporozhets@gitlab.com> | 2015-03-20 16:28:31 +0000 |
commit | 478f92d2c254f987db926297402080ec60eaf2d1 (patch) | |
tree | 0a5c6ba6230ee27af488bdca5f7ca9cad6604749 | |
parent | c6dd117c71a326a09a1e6d546d6d0c98a21e3f1d (diff) | |
parent | 484524e0968e168183a8e22599e062d29d1d81fe (diff) | |
Merge branch 'security_fixes' into 'master'
[security] gems update
[doorkeeper] added filtering of sensitive information (like secret key) from production.log
[gollum lib] fix for remote code execution (in search field). We don't have search for wiki, but it is better to have this fix.
Nothing critical!!!
related to #2143
See merge request !1732
-rw-r--r-- | Gemfile | 4 | ||||
-rw-r--r-- | Gemfile.lock | 18 |
2 files changed, 11 insertions, 11 deletions
@@ -31,7 +31,7 @@ gem 'omniauth-shibboleth' gem 'omniauth-kerberos' gem 'omniauth-gitlab' gem 'omniauth-bitbucket' -gem 'doorkeeper', '2.1.0' +gem 'doorkeeper', '2.1.3' gem "rack-oauth2", "~> 1.0.5" # Browser detection @@ -48,7 +48,7 @@ gem 'gitlab-grack', '~> 2.0.0.rc2', require: 'grack' gem 'gitlab_omniauth-ldap', '1.2.1', require: "omniauth-ldap" # Git Wiki -gem 'gollum-lib', '~> 4.0.0' +gem 'gollum-lib', '~> 4.0.2' # Language detection gem "gitlab-linguist", "~> 3.0.1", require: "linguist" diff --git a/Gemfile.lock b/Gemfile.lock index 54753f5e016..80eebc16e4c 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -136,8 +136,8 @@ GEM diff-lcs (1.2.5) diffy (3.0.3) docile (1.1.5) - doorkeeper (2.1.0) - railties (>= 3.1) + doorkeeper (2.1.3) + railties (>= 3.2) dotenv (0.9.0) dropzonejs-rails (0.4.14) rails (> 3.1) @@ -223,11 +223,11 @@ GEM omniauth (~> 1.0) pyu-ruby-sasl (~> 0.0.3.1) rubyntlm (~> 0.3) - gollum-grit_adapter (0.1.0) - gitlab-grit (~> 2.7.1) - gollum-lib (4.0.0) + gollum-grit_adapter (0.1.3) + gitlab-grit (~> 2.7, >= 2.7.1) + gollum-lib (4.0.2) github-markup (~> 1.3.1) - gollum-grit_adapter (~> 0.1.0) + gollum-grit_adapter (~> 0.1, >= 0.1.1) nokogiri (~> 1.6.4) rouge (~> 1.7.4) sanitize (~> 2.1.0) @@ -480,7 +480,7 @@ GEM rest-client (1.6.7) mime-types (>= 1.16) rinku (1.7.3) - rouge (1.7.4) + rouge (1.7.7) rspec (2.99.0) rspec-core (~> 2.99.0) rspec-expectations (~> 2.99.0) @@ -683,7 +683,7 @@ DEPENDENCIES devise (= 3.2.4) devise-async (= 0.9.0) diffy (~> 3.0.3) - doorkeeper (= 2.1.0) + doorkeeper (= 2.1.3) dropzonejs-rails email_spec enumerize @@ -701,7 +701,7 @@ DEPENDENCIES gitlab_git (~> 7.1.2) gitlab_meta (= 7.0) gitlab_omniauth-ldap (= 1.2.1) - gollum-lib (~> 4.0.0) + gollum-lib (~> 4.0.2) gon (~> 5.0.0) grape (~> 0.6.1) grape-entity (~> 0.4.2) |