From 38e425cbc3f45b23a15fa9ec92051b467e8460ce Mon Sep 17 00:00:00 2001
From: Sylvain <bond.never.die@gmail.com>
Date: Thu, 12 Jul 2018 14:26:21 +0200
Subject: [PATCH] [security] fix for CVE-2017-18258

---
 CHANGELOG.md | 1 +
 Gemfile.lock | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 12d6d723b..029abbfff 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,7 @@
 - Fix a bug: events categories are not reported correctly in statistics
 - Fix a security issue: dependency loofah has a vulnerability as described in [CVE-2018-8048](https://github.com/flavorjones/loofah/issues/144)
 - Fix a security issue: rails-html-sanitizer < 1.0.3 has a security vulnerability described in [CVE-2018-3741](https://nvd.nist.gov/vuln/detail/CVE-2018-3741)
+- Fix a security issue: nokogiri < 1.8.2 has a security vulnerability as described in [CVE-2017-18258](https://nvd.nist.gov/vuln/detail/CVE-2017-18258)
 - Ensure elasticSearch indices are started with green status on new installations
 - Refactored User.as_json to remove code duplication
 - Fixed syntax and typos in README 
diff --git a/Gemfile.lock b/Gemfile.lock
index 6876ebcd2..32b4ed693 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -274,7 +274,7 @@ GEM
     net-ssh-gateway (1.2.0)
       net-ssh (>= 2.6.5)
     netrc (0.10.3)
-    nokogiri (1.8.2)
+    nokogiri (1.8.4)
       mini_portile2 (~> 2.3.0)
     notify_with (0.0.2)
       jbuilder (~> 2.0)