Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update UglifyJS to 2.4.24 #86

Merged
merged 1 commit into from Aug 26, 2015
Merged

Update UglifyJS to 2.4.24 #86

merged 1 commit into from Aug 26, 2015

Conversation

reedloden
Copy link
Contributor

Needed to fix a security issue that was fixed in UglifyJS 2.4.24

mishoo/UglifyJS#751
https://zyan.scripts.mit.edu/blog/backdooring-js/

@reedloden
Copy link
Contributor Author

@lautis Once this is committed, would appreciate a new release.

@lautis
Copy link
Owner

lautis commented Aug 25, 2015

Thanks for notifying, I'll merge and release a new version tomorrow when I'm back home.

lautis added a commit that referenced this pull request Aug 26, 2015
@lautis
Merge pull request #86 from reedloden/bump-uglify-js
4d9e5f2 
Update UglifyJS to 2.4.24
@lautis lautis merged commit 4d9e5f2 into lautis:master Aug 26, 2015
@reedloden reedloden deleted the bump-uglify-js branch August 26, 2015 16:38
@lautis
Copy link
Owner

lautis commented Aug 26, 2015

@reedloden, I've published v2.7.2 without the backwards-incompatible changes in master.

dotemacs pushed a commit to hmcts/hwf-staffapp that referenced this pull request Aug 27, 2015
Update uglifier gem due to vulnerability
db6b79b 
See:

lautis/uglifier#86
https://nodesecurity.io/advisories/uglifyjs_incorrectly_handles_non-boolean_comparisons
dotemacs pushed a commit to hmcts/hwf-staffapp that referenced this pull request Aug 28, 2015
Update uglifier gem due to vulnerability
be55a82 
See:

lautis/uglifier#86
https://nodesecurity.io/advisories/uglifyjs_incorrectly_handles_non-boolean_comparisons
koffeinfrei added a commit to metaflop/metaflop-www that referenced this pull request Aug 28, 2015
@koffeinfrei
update gems
d6a2ff2 
mainly security update for uglifier:
lautis/uglifier#86
amatriain added a commit to amatriain/feedbunch that referenced this pull request Aug 29, 2015
@amatriain
Updated uglifier gem 2.7.1 -> 2.7.2
6ba2b1d 
This fixes a security vulnerability. Details:

	lautis/uglifier#86
	https://zyan.scripts.mit.edu/blog/backdooring-js/
	https://nodesecurity.io/advisories/uglifyjs_incorrectly_handles_non-boolean_comparisons
	mishoo/UglifyJS#751
fiedl added a commit to fiedl/your_platform that referenced this pull request Aug 31, 2015
@fiedl
updating uglifier to 2.7.2 due to security issue.
4e407e7 
BACKDOORING VIA ERRONEOUS MINIFCATION OF BOOLEAN EXPRESSION

lautis/uglifier#86

Trello: https://trello.com/c/x6w9tlVh/906-backdooring-via-erroneous-minifcation-of-boolean-expression
fiedl added a commit to fiedl/wingolfsplattform that referenced this pull request Aug 31, 2015
@fiedl
updating uglifier to 2.7.2 due to security issue.
e67256b 
BACKDOORING VIA ERRONEOUS MINIFCATION OF BOOLEAN EXPRESSION

lautis/uglifier#86

YourPlatform: fiedl/your_platform@4e407e7

Trello: https://trello.com/c/x6w9tlVh/906-backdooring-via-erroneous-minifcation-of-boolean-expression
@reidab reidab mentioned this pull request Sep 7, 2015
Open
dylangrafmyre added a commit to shakacode/react_on_rails that referenced this pull request Sep 15, 2015
@dylangrafmyre
Address security alert for gem uglifier
0972af7 
Update gem uglifier to >= 2.7.2 to address security alert for affected
versions prior to 2.7.2
Sources: lautis/uglifier#86
https://zyan.scripts.mit.edu/blog/backdooring-js/
https://nodesecurity.io/advisories/uglifyjs_incorrectly_handles_non-boolean_comparisons
mishoo/UglifyJS#751
@dylangrafmyre dylangrafmyre mentioned this pull request Sep 15, 2015
Merged
dzaporozhets added a commit to gitlabhq/gitlabhq that referenced this pull request Oct 15, 2015
@dzaporozhets
Merge branch 'rs-update-uglifier' into 'master'
fb77856 
Update uglifier to ~> 2.7.2

Fixes a security vulnerability:

- lautis/uglifier#86
- mishoo/UglifyJS#751
- https://zyan.scripts.mit.edu/blog/backdooring-js/

See merge request !1590
robbkidd added a commit to robbkidd/supermarket that referenced this pull request Nov 2, 2015
@robbkidd
Upgrade uglifier to address security issue
d16403b 
More info lautis/uglifier#86
sgerrand pushed a commit to sgerrand/boxen-web that referenced this pull request Nov 21, 2015
Update uglifier gem and dependencies to v2.7.2
9878ef6 
Uglifier prior to version 2.7.2 has a known vulnerability:

> There's a vulnerability which allows a specially crafted Javascript file to
> have altered functionality after minification. This bug was demonstrated to
> allow potentially malicious code to be hidden within secure code, activated by
> minification. Affected versions erroneously minify boolean expressions.

Sources:
* lautis/uglifier#86
* https://zyan.scripts.mit.edu/blog/backdooring-js/
* https://nodesecurity.io/advisories/uglifyjs_incorrectly_handles_non-boolean_comparisons
* mishoo/UglifyJS#751
@sgerrand sgerrand mentioned this pull request Nov 21, 2015
Merged
sgerrand added a commit to sgerrand/boxen-web that referenced this pull request Nov 21, 2015
@sgerrand
Update uglifier gem and dependencies to v2.7.2
f94d099 
Uglifier prior to version 2.7.2 has a known vulnerability:

> There's a vulnerability which allows a specially crafted Javascript file to
> have altered functionality after minification. This bug was demonstrated to
> allow potentially malicious code to be hidden within secure code, activated by
> minification. Affected versions erroneously minify boolean expressions.

Sources:
* lautis/uglifier#86
* https://zyan.scripts.mit.edu/blog/backdooring-js/
* https://nodesecurity.io/advisories/uglifyjs_incorrectly_handles_non-boolean_comparisons
* mishoo/UglifyJS#751
mocoso added a commit to mocoso/film-finder that referenced this pull request Nov 29, 2015
@mocoso
Upgrade uglifier to v2.7.2
460e2ca 
For security fixes, for more details see
lautis/uglifier#86
nellshamrell pushed a commit to nellshamrell/supermarket that referenced this pull request Dec 1, 2015
@robbkidd @nellshamrell
Upgrade uglifier to address security issue
e4eba1f 
More info lautis/uglifier#86
chrismear added a commit to chrismear/one-click-orgs that referenced this pull request Dec 29, 2015
@chrismear
Upgrade uglifier to get backdooring security fix.
b4baadd 
lautis/uglifier#86
@chrismear chrismear mentioned this pull request Dec 29, 2015
Open
leftathome pushed a commit to leftathome/supermarket that referenced this pull request Feb 22, 2016
@robbkidd
Upgrade uglifier to address security issue
a98f474 
More info lautis/uglifier#86
fstar-dev added a commit to fstar-dev/react-on-rails that referenced this pull request Jan 27, 2023
@fstar-dev
Address security alert for gem uglifier
fc1da7e 
Update gem uglifier to >= 2.7.2 to address security alert for affected
versions prior to 2.7.2
Sources: lautis/uglifier#86
https://zyan.scripts.mit.edu/blog/backdooring-js/
https://nodesecurity.io/advisories/uglifyjs_incorrectly_handles_non-boolean_comparisons
mishoo/UglifyJS#751
DannyMay9082 added a commit to DannyMay9082/react_on_rails that referenced this pull request Feb 16, 2023
@DannyMay9082
Address security alert for gem uglifier
0ea6093 
Update gem uglifier to >= 2.7.2 to address security alert for affected
versions prior to 2.7.2
Sources: lautis/uglifier#86
https://zyan.scripts.mit.edu/blog/backdooring-js/
https://nodesecurity.io/advisories/uglifyjs_incorrectly_handles_non-boolean_comparisons
mishoo/UglifyJS#751
Web-Go-To added a commit to Web-Go-To/react-with-rails that referenced this pull request Mar 19, 2023
@Web-Go-To
Address security alert for gem uglifier
8c4f50a 
Update gem uglifier to >= 2.7.2 to address security alert for affected
versions prior to 2.7.2
Sources: lautis/uglifier#86
https://zyan.scripts.mit.edu/blog/backdooring-js/
https://nodesecurity.io/advisories/uglifyjs_incorrectly_handles_non-boolean_comparisons
mishoo/UglifyJS#751
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@reedloden @lautis