
Fix for CVE-2013-0156

commit 923f751db5f424c3f397e862cdb1b260568c4b57 1 parent 2173793
Xavier Shay authored
Showing with 44 additions and 37 deletions.
  1. +1 −1  Gemfile
  2. +37 −36 Gemfile.lock
  3. +6 −0 config/environment.rb
2  Gemfile
@@ -1,6 +1,6 @@
source 'https://rubygems.org'
-gem 'rails', '3.2.8'
+gem 'rails', '~> 3.2'
# Bundle edge Rails instead:
# gem 'rails', :git => 'git://github.com/rails/rails.git'
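Review bot: The new constraint `'~> 3.2'` on the rails line is looser than the fix needs. It accepts any 3.x release from 3.2.0 upward, so the Gemfile itself no longer excludes the releases affected by CVE-2013-0156; only the Gemfile.lock entry (3.2.11) keeps the patched version in place. If the lockfile is ever regenerated under other constraints, nothing here enforces the floor. `gem 'rails', '~> 3.2.11'` would record the patched minimum while still allowing later 3.2.x security releases.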
73 Gemfile.lock
@@ -4,41 +4,41 @@ GEM
RedCloth (4.2.9)
RedCloth (4.2.9-java)
aaronh-chronic (0.3.9)
- actionmailer (3.2.8)
- actionpack (= 3.2.8)
+ actionmailer (3.2.11)
+ actionpack (= 3.2.11)
mail (~> 2.4.4)
- actionpack (3.2.8)
- activemodel (= 3.2.8)
- activesupport (= 3.2.8)
+ actionpack (3.2.11)
+ activemodel (= 3.2.11)
+ activesupport (= 3.2.11)
builder (~> 3.0.0)
erubis (~> 2.7.0)
journey (~> 1.0.4)
rack (~> 1.4.0)
rack-cache (~> 1.2)
rack-test (~> 0.6.1)
- sprockets (~> 2.1.3)
- activemodel (3.2.8)
- activesupport (= 3.2.8)
+ sprockets (~> 2.2.1)
+ activemodel (3.2.11)
+ activesupport (= 3.2.11)
builder (~> 3.0.0)
- activerecord (3.2.8)
- activemodel (= 3.2.8)
- activesupport (= 3.2.8)
+ activerecord (3.2.11)
+ activemodel (= 3.2.11)
+ activesupport (= 3.2.11)
arel (~> 3.0.2)
tzinfo (~> 0.3.29)
activerecord-jdbc-adapter (1.2.1)
activerecord-jdbcsqlite3-adapter (1.2.1)
activerecord-jdbc-adapter (~> 1.2.1)
jdbc-sqlite3 (~> 3.7.2)
- activeresource (3.2.8)
- activemodel (= 3.2.8)
- activesupport (= 3.2.8)
- activesupport (3.2.8)
+ activeresource (3.2.11)
+ activemodel (= 3.2.11)
+ activesupport (= 3.2.11)
+ activesupport (3.2.11)
i18n (~> 0.6)
multi_json (~> 1.0)
addressable (2.2.6)
arel (3.0.2)
bouncy-castle-java (1.5.0146.1)
- builder (3.0.0)
+ builder (3.0.4)
capybara (1.1.2)
mime-types (>= 1.16)
nokogiri (>= 1.3.3)
@@ -79,7 +79,7 @@ GEM
gherkin (2.7.3-java)
json (>= 1.4.6)
hike (1.2.1)
- i18n (0.6.0)
+ i18n (0.6.1)
jdbc-sqlite3 (3.7.2)
journey (1.0.4)
jquery-rails (2.1.1)
@@ -88,8 +88,8 @@ GEM
jruby-openssl (0.7.4)
bouncy-castle-java
jruby-rack (1.1.3)
- json (1.7.5)
- json (1.7.5-java)
+ json (1.7.6)
+ json (1.7.6-java)
launchy (2.0.5)
addressable (~> 2.2.6)
launchy (2.0.5-java)
@@ -108,7 +108,7 @@ GEM
open_id_authentication (1.1.0)
rack-openid (~> 1.3)
polyglot (0.3.3)
- rack (1.4.1)
+ rack (1.4.3)
rack-cache (1.2)
rack (>= 0.4)
rack-openid (1.3.1)
@@ -116,24 +116,24 @@ GEM
ruby-openid (>= 2.1.8)
rack-ssl (1.3.2)
rack
- rack-test (0.6.1)
+ rack-test (0.6.2)
rack (>= 1.0)
- rails (3.2.8)
- actionmailer (= 3.2.8)
- actionpack (= 3.2.8)
- activerecord (= 3.2.8)
- activeresource (= 3.2.8)
- activesupport (= 3.2.8)
+ rails (3.2.11)
+ actionmailer (= 3.2.11)
+ actionpack (= 3.2.11)
+ activerecord (= 3.2.11)
+ activeresource (= 3.2.11)
+ activesupport (= 3.2.11)
bundler (~> 1.0)
- railties (= 3.2.8)
- railties (3.2.8)
- actionpack (= 3.2.8)
- activesupport (= 3.2.8)
+ railties (= 3.2.11)
+ railties (3.2.11)
+ actionpack (= 3.2.11)
+ activesupport (= 3.2.11)
rack-ssl (~> 1.3.2)
rake (>= 0.8.7)
rdoc (~> 3.4)
thor (>= 0.14.6, < 2.0)
- rake (0.9.2.2)
+ rake (10.0.3)
rdoc (3.12)
json (~> 1.4)
rspec (2.8.0)
@@ -162,22 +162,23 @@ GEM
multi_json (~> 1.0.4)
rubyzip
spoon (0.0.1)
- sprockets (2.1.3)
+ sprockets (2.2.2)
hike (~> 1.2)
+ multi_json (~> 1.0)
rack (~> 1.0)
tilt (~> 1.1, != 1.3.0)
sqlite3 (1.3.5)
term-ansicolor (1.0.7)
thor (0.16.0)
tilt (1.3.3)
- treetop (1.4.10)
+ treetop (1.4.12)
polyglot
polyglot (>= 0.3.1)
trinidad (1.3.2)
jruby-rack (>= 1.1.1)
trinidad_jars (>= 1.0.1)
trinidad_jars (1.0.2)
- tzinfo (0.3.33)
+ tzinfo (0.3.35)
webrat (0.7.3)
nokogiri (>= 1.2.0)
rack (>= 1.0)
@@ -207,7 +208,7 @@ DEPENDENCIES
nokogiri (~> 1.5.0)
open_id_authentication
rack-openid
- rails (= 3.2.8)
+ rails (~> 3.2)
rspec
rspec-rails
ruby-openid
6 config/environment.rb
@@ -1,5 +1,11 @@
# Load the rails application
require File.expand_path('../application', __FILE__)
+ActionDispatch::ParamsParser::DEFAULT_PARSERS.delete(Mime::XML)
+ActionDispatch::ParamsParser::DEFAULT_PARSERS.delete(Mime::YAML)
+
+ActiveSupport::XmlMini::PARSING.delete("symbol")
+ActiveSupport::XmlMini::PARSING.delete("yaml")
+
# Initialize the rails application
Enki::Application.initialize!
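Review bot: The four added `delete` calls carry no comment saying why they are there or what they cost. They turn off XML (and YAML) request-body parsing for the whole application and remove the "symbol" and "yaml" typecasts from XmlMini, so a later maintainer could drop them as dead code or be surprised that XML requests no longer populate `params`. I would add a comment above them such as `# CVE-2013-0156 hardening: no XML/YAML param parsing, no symbol/yaml typecasts in XmlMini; kept as defence in depth alongside rails >= 3.2.11`. As a matter of style, this kind of framework tweak conventionally lives in its own file under `config/initializers/` rather than between the `require` and `initialize!` lines of environment.rb. A request spec asserting that an `application/xml` body is not parsed into `params` would catch a regression if the lines are ever removed.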