[security] cve-2018-16468 and cve-2018-16471

2024-11-28 09:24:24 +01:00 · 2018-11-26 11:12:54 +01:00 · 2018-11-26 11:12:54 +01:00 · 2efd7644d2
commit 2efd7644d2
parent d9f2997d6b
3 changed files with 6 additions and 3 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -5,6 +5,9 @@
 - Migrated front-end application from CoffeeScript to ECMAScript 6 (JS)
 - Integration of Eslint and Rubocop coding rules
 - Fix a bug: on small screens, display of button "change group" overflows
+- Fix a security issue: dependency rack has a vulnerability as described in [CVE-2018-16471](https://nvd.nist.gov/vuln/detail/CVE-2018-16471)
+- Fix a security issue: dependency loofah has a vulnerability as described in [CVE-2018-16468](https://github.com/flavorjones/loofah/issues/154)
+- Updated documentation

 ## v2.6.7 2018 October 4

--- a/2
+++ b/2
@ -143,4 +143,4 @@ gem 'has_secure_token'
 gem 'axlsx', git: 'https://github.com/randym/axlsx', branch: 'release-3.0.0'
 gem 'axlsx_rails'

-gem "rack-protection", "1.5.5"
+gem 'rack-protection', '1.5.5'
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -227,7 +227,7 @@ GEM
      activesupport (>= 3.0.0)
    kgio (2.9.3)
    libv8 (3.16.14.11)
-    loofah (2.2.2)
+    loofah (2.2.3)
      crass (~> 1.0.2)
      nokogiri (>= 1.5.9)
    mail (2.7.0)
@ -307,7 +307,7 @@ GEM
    puma (3.10.0)
    pundit (1.0.0)
      activesupport (>= 3.0.0)
-    rack (1.6.10)
+    rack (1.6.11)
    rack-protection (1.5.5)
      rack
    rack-test (0.6.3)