IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-26 02:40:53 -06:00
Code Issues Packages Projects Releases Wiki Activity

SECURITY: update rubyzip dependency

Browse Source 
This updates rubyzip library so that callers can trust entries when
extracting files avoiding situations where a rogues zip imported by a rogue
admin could cause a disk space issue.
This commit is contained in:
Sam Saffron 2019-10-01 17:11:20 +10:00
parent ba0114a6ff
commit 0420e8145e
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Gemfile.lock
View File

@ -353,7 +353,7 @@ GEM
guess_html_encoding (>= 0.0.4) guess_html_encoding (>= 0.0.4)
nokogiri (>= 1.6.0) nokogiri (>= 1.6.0)
ruby_dep (1.5.0) ruby_dep (1.5.0)
rubyzip (1.2.3) rubyzip (2.0.0)
safe_yaml (1.0.5) safe_yaml (1.0.5)
sanitize (5.0.0) sanitize (5.0.0)
crass (~> 1.0.2) crass (~> 1.0.2)