authorLouise Crow <louise.crow@gmail.com>2013-02-11 21:39:19 +0000
committerLouise Crow <louise.crow@gmail.com>2013-02-11 21:50:38 +0000
commitdc5b806ebc07f850c6987890c6a5c9fd096faaa2 (patch)
treea29b4ef839179536cb51231652f53ee2e523b6a5
parent91a0f79649fd4d374d8c234b6b944bc5dc8f3dc3 (diff)
Upgrade JSON gem to get fix for CVE-2013-0269. Update to latest Rails 2-3 series, which has fixes for CVE-2013-0277 and CVE-2013-0276, although alaveteli does not use attr_protected or serialize.
hotfix/0.6.9.3
-rw-r--r--Gemfile4
-rw-r--r--Gemfile.lock38
-rw-r--r--config/environment.rb2
3 files changed, 22 insertions, 22 deletions
diff --git a/Gemfile b/Gemfile
index e103d5ba6..13dd66022 100644
--- a/Gemfile
+++ b/Gemfile
@@ -8,7 +8,7 @@ end
source :rubygems
# A fork of rails that is kept up to date with security patches
-git "git://github.com/mysociety/rails.git", :tag => "v2.3.16.1" do
+git "git://github.com/mysociety/rails.git", :tag => "v2.3.17.1" do
gem 'rails'
end
gem 'pg'
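Review bot: The changed `git "git://github.com/mysociety/rails.git", :tag => "v2.3.17.1" do` line still fetches the security-patched Rails fork over the git:// transport, which has no encryption or server authentication. On any install that resolves the tag rather than the revision pinned in Gemfile.lock, nothing verifies that the code received is the code mysociety published. Since this commit exists to pull in CVE fixes, I would switch the transport in the same change: `git "https://github.com/mysociety/rails.git", :tag => "v2.3.17.1" do`. The context line `source :rubygems` looks like the same class of issue (I believe that symbol resolves to a plain-HTTP index in Bundler of this era; confirm) and could become `source 'https://rubygems.org'`.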
@@ -17,7 +17,7 @@ gem 'fast_gettext', '>= 0.6.0'
gem 'fastercsv', '>=1.5.5'
gem 'gettext_i18n_rails', '>= 0.7.1'
gem 'gettext', '~> 2.3.3'
-gem 'json', '~> 1.5.1'
+gem 'json', '~> 1.5.5'
gem 'mahoro'
gem 'mail', :platforms => :ruby_19
gem 'memcache-client', :require => 'memcache'
diff --git a/Gemfile.lock b/Gemfile.lock
index 35a2f40be..4526c5786 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,24 +1,24 @@
GIT
remote: git://github.com/mysociety/rails.git
- revision: be86a2fd6264637a22e1a1aeb8a8ec979f53ec1e
- tag: v2.3.16.1
+ revision: 893560c501f2c3eda044938840108431dcf6ab91
+ tag: v2.3.17.1
specs:
- actionmailer (2.3.16)
- actionpack (= 2.3.16)
- actionpack (2.3.16)
- activesupport (= 2.3.16)
+ actionmailer (2.3.17)
+ actionpack (= 2.3.17)
+ actionpack (2.3.17)
+ activesupport (= 2.3.17)
rack (~> 1.1.0)
- activerecord (2.3.16)
- activesupport (= 2.3.16)
- activeresource (2.3.16)
- activesupport (= 2.3.16)
- activesupport (2.3.16)
- rails (2.3.16)
- actionmailer (= 2.3.16)
- actionpack (= 2.3.16)
- activerecord (= 2.3.16)
- activeresource (= 2.3.16)
- activesupport (= 2.3.16)
+ activerecord (2.3.17)
+ activesupport (= 2.3.17)
+ activeresource (2.3.17)
+ activesupport (= 2.3.17)
+ activesupport (2.3.17)
+ rails (2.3.17)
+ actionmailer (= 2.3.17)
+ actionpack (= 2.3.17)
+ activerecord (= 2.3.17)
+ activeresource (= 2.3.17)
+ activesupport (= 2.3.17)
rake (>= 0.8.3)
GEM
@@ -54,7 +54,7 @@ GEM
hoe (3.0.8)
rake (~> 0.8)
i18n (0.6.1)
- json (1.5.4)
+ json (1.5.5)
linecache (0.46)
rbx-require-relative (> 0.0.4)
linecache19 (0.5.12)
@@ -160,7 +160,7 @@ DEPENDENCIES
fastercsv (>= 1.5.5)
gettext (~> 2.3.3)
gettext_i18n_rails (>= 0.7.1)
- json (~> 1.5.1)
+ json (~> 1.5.5)
locale (>= 2.0.5)
mahoro
mail
diff --git a/config/environment.rb b/config/environment.rb
index 8933f9ade..bdeb4c983 100644
--- a/config/environment.rb
+++ b/config/environment.rb
@@ -18,7 +18,7 @@ end
# ENV['RAILS_ENV'] ||= 'production'
# Specifies gem version of Rails to use when vendor/rails is not present
-RAILS_GEM_VERSION = '2.3.16' unless defined? RAILS_GEM_VERSION
+RAILS_GEM_VERSION = '2.3.17' unless defined? RAILS_GEM_VERSION
# Bootstrap the Rails environment, frameworks, and default configuration
require File.join(File.dirname(__FILE__), 'boot')