mirror of
https://github.com/LaCasemate/fab-manager.git
synced 2025-01-29 18:52:22 +01:00
[security] CVE-2019-11358
This commit is contained in:
Sylvain
parent
5d32756928
commit
053c41402e
20
CHANGELOG.md
20
CHANGELOG.md
@ -2,9 +2,11 @@
|
||||
|
||||
- Fix a bug: when generating an Avoir at a previous date, the resulting checksum may be invalid
|
||||
- Fix a bug: updating a setting does not chain new values
|
||||
- Fix a security issue: updated to jquery 3.4.1 to fix [CVE-2019-11358](https://nvd.nist.gov/vuln/detail/CVE-2019-11358)
|
||||
- [TODO DEPLOY] `rake fablab:setup:chain_invoices_items_records`
|
||||
- [TODO DEPLOY] `rake fablab:setup:chain_invoices_records`
|
||||
- [TODO DEPLOY] `rake fablab:setup:chain_history_values_records`
|
||||
- [TODO DEPLOY] -> (only dev) yarn install
|
||||
|
||||
## v3.1.1 2019 April 8
|
||||
|
||||
@ -42,7 +44,7 @@
|
||||
- Refactored some pieces of Ruby code, according to style guide
|
||||
- Added asterisks on required fields in sign-up form
|
||||
- [TODO DEPLOY] /!\ Before deploying, you must check (and eventually) correct your VAT history using the rails console. Missing rates can be added later but dates and rates (including date of activation, disabling) MUST be correct. These values are very likely wrong if your installation was made prior to 2.8.0 with VAT enabled. Other cases must be checked too.
|
||||
- [TODO DEPLOY] (dev) if applicable, you must first downgrade bundler to v1 `gem uninstall bundler --version=2.0.1 && gem install bundler --version=1.7.3 && bundle install`
|
||||
- [TODO DEPLOY] -> (only dev) if applicable, you must first downgrade bundler to v1 `gem uninstall bundler --version=2.0.1 && gem install bundler --version=1.7.3 && bundle install`
|
||||
- [TODO DEPLOY] if you have changed your VAT rate in the past, add its history into database. You can use a rate of "0" to disable VAT. Eg. `rake fablab:setup:add_vat_rate[20,2017-01-01]`
|
||||
- [TODO DEPLOY] `rake fablab:setup:set_environment_to_invoices`
|
||||
- [TODO DEPLOY] `rake fablab:setup:chain_invoices_items_records`
|
||||
@ -59,7 +61,7 @@
|
||||
- Fix a bug: application in unavailable if a SSO is active
|
||||
- Fix a security issue: dependency bootstrap < 4.3.1 has an XSS vulnerability as described in [CVE-2019-8331](https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/)
|
||||
- Fixed missing translations in authentication providers form
|
||||
- [TODO DEPLOY] (dev) `bundle install`
|
||||
- [TODO DEPLOY] -> (only dev) `bundle install`
|
||||
|
||||
## v2.8.3 2019 January 29
|
||||
|
||||
@ -83,7 +85,7 @@
|
||||
- Fix a bug: Invalid translation in new partner modal
|
||||
- Refactored frontend invoices translations
|
||||
- Updated RailRoady 1.4.0 to 1.5.3
|
||||
- [TODO DEPLOY] (dev) `bundle install`
|
||||
- [TODO DEPLOY] -> (only dev) `bundle install`
|
||||
|
||||
## v2.8.1 2019 January 02
|
||||
|
||||
@ -102,7 +104,7 @@
|
||||
- Added badges to README
|
||||
- Fix a security issue: dependency ActiveJob < 4.2.11 has a vulnerability as described in [CVE-2018-16476](https://nvd.nist.gov/vuln/detail/CVE-2018-16476)
|
||||
- [TODO DEPLOY] `rake db:migrate`
|
||||
- [TODO DEPLOY] (dev) `bundle install`
|
||||
- [TODO DEPLOY] -> (only dev) `bundle install`
|
||||
|
||||
## v2.7.4 2018 December 04
|
||||
|
||||
@ -180,7 +182,7 @@
|
||||
- Fixed syntax and typos in README
|
||||
- [TODO DEPLOY] **IMPORTANT** Please read [elastic_upgrade.md](doc/elastic_upgrade.md) for instructions on upgrading ElasticSearch.
|
||||
- [TODO DEPLOY] `rake fablab:fix:categories_slugs`
|
||||
- [TODO DEPLOY] (dev) `bundle install`
|
||||
- [TODO DEPLOY] -> (only dev) `bundle install`
|
||||
- [TODO DEPLOY] `rake db:seed`
|
||||
|
||||
## v2.6.4 2018 March 15
|
||||
@ -239,7 +241,7 @@
|
||||
- Updated test data to allow passing test suite
|
||||
- Upgraded rails minor version
|
||||
- [TODO DEPLOY] `rake db:migrate`
|
||||
- [TODO DEPLOY] (dev) `bundle install`
|
||||
- [TODO DEPLOY] -> (only dev) `bundle install`
|
||||
|
||||
## v2.5.14 2017 September 12
|
||||
|
||||
@ -514,7 +516,7 @@
|
||||
- [TODO DEPLOY] `rake fablab:es:build_availabilities_index`
|
||||
- [TODO DEPLOY] `rake fablab:es:add_event_filters`
|
||||
- [TODO DEPLOY] `rake db:migrate`
|
||||
- [TODO DEPLOY] (dev) `bundle install`
|
||||
- [TODO DEPLOY] -> (only dev) `bundle install`
|
||||
- [TODO DEPLOY] add `EXCEL_DATE_FORMAT`, `ALLOWED_EXTENSIONS` and `ALLOWED_MIME_TYPES` environment variable in `application.yml`
|
||||
- [OPTIONAL] `rake fablab:fix:assign_category_to_uncategorized_events` (will put every non-categorized events into a new category called "No Category", to ease re-categorization)
|
||||
|
||||
@ -532,7 +534,7 @@
|
||||
- Fix a bug: unable to deploy 2.2.0+ when PostgreSQL 'unaccent' extension was already active
|
||||
- Fix a bug: some reservations was referencing reservables not present in database (#patch)
|
||||
- [TODO DEPLOY] `bundle exec rake fablab:fix:reservations_not_existing_reservable` to apply #patch
|
||||
- [TODO DEPLOY] (dev) `bundle install` then (all) `rake db:migrate`
|
||||
- [TODO DEPLOY] -> (only dev) `bundle install` then (all) `rake db:migrate`
|
||||
|
||||
## v2.2.2 2016 June 23
|
||||
- Fix some bugs: users with uncompleted account (sso imported) won't appear in statistics, in listings and in searches. Moreover, they won't block statistics generation
|
||||
@ -556,7 +558,7 @@
|
||||
- API: GET /api/trainings do not load nor send the associated availabilities until they are requested
|
||||
- List of members is now loaded 10 members by 10, to improve page load time
|
||||
- [TODO DEPLOY] Regenerate the theme stylesheet (easy way: Customization/General/Main colour -> "Save")
|
||||
- [TODO DEPLOY] (dev) `bundle install` then (all) `rake db:migrate`
|
||||
- [TODO DEPLOY] -> (only dev) `bundle install` then (all) `rake db:migrate`
|
||||
|
||||
## v2.1.2 2016 May 24
|
||||
- Fix a bug: Google Analytics was not loaded and did not report any stats
|
||||
|
||||
@ -60,7 +60,7 @@
|
||||
"fullcalendar": "2.3.1",
|
||||
"holderjs": "2.6",
|
||||
"jasny-bootstrap": "3.1",
|
||||
"jquery": "3",
|
||||
"jquery": ">=3.4.0",
|
||||
"jquery-minicolors": "^2.1.10",
|
||||
"jquery-ui": "https://github.com/devongovett/jqueryui-npm.git#1.10.4",
|
||||
"medium-editor": "4.4.0",
|
||||
|
||||
@ -880,11 +880,16 @@ jquery-minicolors@^2.1.10:
|
||||
version "1.10.4"
|
||||
resolved "https://github.com/devongovett/jqueryui-npm.git#51bc3549dd6530a18f43be45c3e8ae520805b9e4"
|
||||
|
||||
jquery@3, "jquery@>= 1.7.x", jquery@>=1.7.1, jquery@>=1.9.0:
|
||||
"jquery@>= 1.7.x", jquery@>=1.7.1, jquery@>=1.9.0:
|
||||
version "3.3.1"
|
||||
resolved "https://registry.yarnpkg.com/jquery/-/jquery-3.3.1.tgz#958ce29e81c9790f31be7792df5d4d95fc57fbca"
|
||||
integrity sha512-Ubldcmxp5np52/ENotGxlLe6aGMvmF4R8S6tZjsP6Knsaxd/xp3Zrh50cG93lR6nPXyUFwzN3ZSOQI0wRJNdGg==
|
||||
|
||||
jquery@>=3.4.0:
|
||||
version "3.4.1"
|
||||
resolved "https://registry.yarnpkg.com/jquery/-/jquery-3.4.1.tgz#714f1f8d9dde4bdfa55764ba37ef214630d80ef2"
|
||||
integrity sha512-36+AdBzCL+y6qjw5Tx7HgzeGCzC81MDDgaUP8ld2zhx58HdqXGoBd+tHdrBMiyjGQs0Hxs/MLZTu/eHNJJuWPw==
|
||||
|
||||
jquery@^1.11.1:
|
||||
version "1.12.4"
|
||||
resolved "https://registry.yarnpkg.com/jquery/-/jquery-1.12.4.tgz#01e1dfba290fe73deba77ceeacb0f9ba2fec9e0c"
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user