diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9021beeca..f2dffe435 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,7 @@
 - Fix a security issue: dependency jQuery < 3.0.0 has a vulnerability as described in [CVE-2015-9251](https://nvd.nist.gov/vuln/detail/CVE-2015-9251)
 - Fix a security issue: dependency moment < 2.11.2 has a vulnerability as described in [CVE-2016-4055](https://nvd.nist.gov/vuln/detail/CVE-2016-4055)
 - Fix a security issue: dependency moment < 2.19.3 has a vulnerability as described in [CVE-2017-18214](https://nvd.nist.gov/vuln/detail/CVE-2017-18214)
+- Fix a security issue: dependency RubyZip < 1.1.2 has a vulnerability as described in [CVE-2018-1000544](https://nvd.nist.gov/vuln/detail/CVE-2018-1000544)
 
 # v2.7.0 2018 November 27
 
diff --git a/Gemfile b/Gemfile
index 6cff604c1..af491f407 100644
--- a/Gemfile
+++ b/Gemfile
@@ -140,7 +140,8 @@ gem 'apipie-rails'
 gem 'has_secure_token'
 
 # XLS files generation
-gem 'axlsx', git: 'https://github.com/randym/axlsx', branch: 'release-3.0.0'
+gem 'axlsx', git: 'https://github.com/randym/axlsx', branch: 'master'
 gem 'axlsx_rails'
+gem 'rubyzip', '>= 1.2.2'
 
 gem 'rack-protection', '1.5.5'
 
diff --git a/Gemfile.lock b/Gemfile.lock
index 79f99e621..2adf89d00 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,12 +1,12 @@
 GIT
   remote: https://github.com/randym/axlsx
-  revision: 977c09de1515e86536f0c952c08be319fbbab870
-  branch: release-3.0.0
+  revision: c593a08b2a929dac7aa8dc418b55e26b4c49dc34
+  branch: master
   specs:
     axlsx (3.0.0.pre)
-      htmlentities (~> 4.3.4)
+      htmlentities (~> 4.3, >= 4.3.4)
       mimemagic (~> 0.3)
-      nokogiri (>= 1.7.1)
+      nokogiri (~> 1.8, >= 1.8.2)
       rubyzip (~> 1.2, >= 1.2.1)
 
 GEM
@@ -366,7 +366,7 @@ GEM
     rolify (4.0.0)
     ruby-progressbar (1.7.5)
     ruby-rc4 (0.1.5)
-    rubyzip (1.2.1)
+    rubyzip (1.2.2)
     rufus-scheduler (3.0.9)
       tzinfo
     rvm-capistrano (1.5.6)
@@ -550,6 +550,7 @@ DEPENDENCIES
   recurrence
   responders (~> 2.0)
   rolify
+  rubyzip (>= 1.2.2)
   rvm-capistrano
   sass-rails (= 5.0.1)
   sdoc (~> 0.4.0)
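Review bot: The Gemfile hunk moves the axlsx git source from the `release-3.0.0` branch to `branch: 'master'`, which makes the dependency a moving target: Gemfile.lock pins revision c593a08b2a929dac7aa8dc418b55e26b4c49dc34 today, but any later `bundle update` will pull whatever that unpinned branch holds from a third-party repository with no review in this project. Since the only goal here is to pick up a newer axlsx that tolerates rubyzip 1.2.2, pin the commit that was actually vetted instead of the branch, `gem 'axlsx', git: 'https://github.com/randym/axlsx', ref: 'c593a08b2a929dac7aa8dc418b55e26b4c49dc34'`, so the lock and the Gemfile agree on the exact code. The explicit `gem 'rubyzip', '>= 1.2.2'` line is what enforces the patched version, because axlsx's own constraint in the lock (`rubyzip (~> 1.2, >= 1.2.1)`) still admits 1.2.1; a short comment on that line naming CVE-2018-1000544 as the reason would keep a future cleanup from dropping it as redundant. The CHANGELOG entry in this same commit describes the affected range as "RubyZip < 1.1.2" while the constraint added here is `>= 1.2.2`, which looks like a typo and should be reconciled with the version this fix actually requires.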