author | Tim Smith <tsmith@chef.io> | 2019-03-06 12:08:29 -0800 |
---|---|---|
committer | Tim Smith <tsmith@chef.io> | 2019-03-06 12:08:29 -0800 |
commit | 7894cdddfbb2306ef7c477be14d62ae06b8b4bcd (patch) | |
tree | eaa6bcae75466745c7378dbfd673d28c8ad4998a /RELEASE_NOTES.md | |
parent | 2399a3cfc6e2cbac17eee62005fb104acf937875 (diff) | |
download | chef-7894cdddfbb2306ef7c477be14d62ae06b8b4bcd.tar.gz |
Bump Rubygems to 2.7.9 and add that to the release notes
Use the latest / greatest
Signed-off-by: Tim Smith <tsmith@chef.io>
Diffstat (limited to 'RELEASE_NOTES.md')
-rw-r--r-- | RELEASE_NOTES.md | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index 10cc803308..2695b8264c 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -35,7 +35,6 @@ InSpec has been updated from 3.4.1 to 3.7.1. This new release contains improveme ## Updated Components - bundler 1.16.1 -> 1.17.3 -- rubygems 2.7.6 -> 2.7.8 - libxml2 2.9.7 -> 2.9.9 - ca-certs updated to 2019-01-22 for new roots @@ -43,7 +42,17 @@ InSpec has been updated from 3.4.1 to 3.7.1. This new release contains improveme ### OpenSSL -OpenSSL has been updated to 1.0.2r in order to resolve ([CVE-2019-1559](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559)) +OpenSSL has been updated to 1.0.2r in order to resolve [CVE-2019-1559](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559) + +### RubyGems + +RubyGems has been updated to 2.7.9 in order to resolve the following CVEs: + - [CVE-2019-8320](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8320): Delete directory using symlink when decompressing tar + - [CVE-2019-8321](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8321): Escape sequence injection vulnerability in verbose + - [CVE-2019-8322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8322): Escape sequence injection vulnerability in gem owner + - [CVE-2019-8323](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8323): Escape sequence injection vulnerability in API response handling + - [CVE-2019-8324](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8324): Installing a malicious gem may lead to arbitrary code execution + - [CVE-2019-8325](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8325): Escape sequence injection vulnerability in errors # Chef Client Release Notes 14.10: |
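Review bot: In the first hunk (Updated Components), deleting `- rubygems 2.7.6 -> 2.7.8` leaves the notes with no record of the version RubyGems was upgraded from, because the new RubyGems section only says "updated to 2.7.9". Suggest changing the entry to `- rubygems 2.7.6 -> 2.7.9` rather than removing it, so the component list stays complete and a reader can tell which previously shipped version predates the CVE fixes.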
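Review bot: In the second hunk, the CVE list under `### RubyGems` starts on the line immediately after "resolve the following CVEs:" with no blank line, and its bullets are indented, unlike the list under `## Updated Components`. Some Markdown renderers require a blank line before a list and will otherwise fold the bullets into the paragraph, so add an empty line after "CVEs:" and start each `- [CVE-...]` bullet at the left margin.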