This repository has been archived by the owner on Dec 2, 2020. It is now read-only.

Upgrade Rails due to security vulnerabilities (CVE-2016-2097, CVE-2016-2098) #101

Closed
hubot opened this issue Feb 28, 2017 · 4 comments

hubot commented Feb 28, 2017

Heaven detected that rails is not >= 5.0, ~> 3.2.22.2, ~> 4.1.14.2, ~> 4.2.5.2

Your Gemfile.lock on the master branch currently is 4.2.8.

Can you folks fix this up? 💞

/cc https://github.com/github/security/issues/1468

@hubot hubot added the Security label Feb 28, 2017
@jacobbednarz
Member

cc @oreoshake - Looks like your security checks for rails are a bit behind.

@oreoshake

We don't use boxen anymore ¯_(ツ)_/¯

@jacobbednarz
Member

Oh, I understood that much but there are also newer versions of Rails 4.2.x that have mitigated these CVEs.

@oreoshake

Ah, I see. Yeah, it's not perfect 😄
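Why a 4.2.8 lockfile trips the reported constraints, as an added example that is not part of the original thread and not the bot's own code. It assumes the constraints are evaluated with RubyGems `Gem::Requirement` semantics and that any one match passes; the `WIDENED` rule set and the helper names are hypothetical, and `WIDENED` further assumes later patch releases on a line keep the fix.

```ruby
require "rubygems"

# Constraint strings copied from the bot's report in this thread.
REPORTED = [">= 5.0", "~> 3.2.22.2", "~> 4.1.14.2", "~> 4.2.5.2"].freeze

# Hypothetical widened rules (assumption, not the bot's configuration):
# each release line accepts the patched version and anything newer on it.
WIDENED = [
  [">= 5.0"],
  ["~> 3.2.22", ">= 3.2.22.2"], # >= 3.2.22.2 and < 3.3
  ["~> 4.1.14", ">= 4.1.14.2"], # >= 4.1.14.2 and < 4.2
  ["~> 4.2.5",  ">= 4.2.5.2"]   # >= 4.2.5.2  and < 4.3
].freeze

# True when the version satisfies at least one rule in the set.
# A rule may be a single constraint string or a list that must all hold.
def allowed?(version, rules)
  v = Gem::Version.new(version)
  rules.any? { |rule| Gem::Requirement.new(*Array(rule)).satisfied_by?(v) }
end

# Evaluate constructed sample versions against both rule sets.
def audit(versions)
  versions.map { |v| [v, allowed?(v, REPORTED), allowed?(v, WIDENED)] }
end

if __FILE__ == $PROGRAM_NAME
  # "~> 4.2.5.2" with four segments means ">= 4.2.5.2, < 4.2.6",
  # so 4.2.8 matches none of the reported constraints.
  samples = %w[4.2.8 4.2.5.2 4.2.5.1 4.1.14.2 4.0.13 5.0.1] # constructed
  audit(samples).each do |version, reported, widened|
    puts format("%-9s reported=%-5s widened=%s", version, reported, widened)
  end
end
```
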
