diff --git a/CHANGELOG.md b/CHANGELOG.md index e29ad89eb..e620222ac 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,8 @@ - Fix a bug: unable to install a new instance with an external reverse proxy - Fix a bug: do not display "powered by disqus" if Disqus is disabled - Fix a bug: do not send notifications each hour for payment schedules deadlines +- Fix a security issue: updated rails to 5.2.4.5 to fix [CVE-2021-22880](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880) +- [TODO DEPLOY] -> (only dev) `bundle install` ## v4.7.2 2021 March 1st - Updated yq to v4 diff --git a/Gemfile.lock b/Gemfile.lock index 182b7fd1a..ee8c4a8b3 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -4,46 +4,46 @@ GEM Ascii85 (1.0.3) aasm (5.0.8) concurrent-ruby (~> 1.0) - actioncable (5.2.4.4) - actionpack (= 5.2.4.4) + actioncable (5.2.4.5) + actionpack (= 5.2.4.5) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailer (5.2.4.4) - actionpack (= 5.2.4.4) - actionview (= 5.2.4.4) - activejob (= 5.2.4.4) + actionmailer (5.2.4.5) + actionpack (= 5.2.4.5) + actionview (= 5.2.4.5) + activejob (= 5.2.4.5) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.2.4.4) - actionview (= 5.2.4.4) - activesupport (= 5.2.4.4) + actionpack (5.2.4.5) + actionview (= 5.2.4.5) + activesupport (= 5.2.4.5) rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) actionpack-page_caching (1.2.2) actionpack (>= 5.0.0) - actionview (5.2.4.4) - activesupport (= 5.2.4.4) + actionview (5.2.4.5) + activesupport (= 5.2.4.5) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.3) active_record_query_trace (1.7) - activejob (5.2.4.4) - activesupport (= 5.2.4.4) + activejob (5.2.4.5) + activesupport (= 5.2.4.5) globalid (>= 0.3.6) - activemodel (5.2.4.4) - activesupport (= 5.2.4.4) - activerecord (5.2.4.4) - activemodel (= 5.2.4.4) - activesupport (= 5.2.4.4) + activemodel (5.2.4.5) + activesupport (= 5.2.4.5) + activerecord (5.2.4.5) + activemodel (= 5.2.4.5) + activesupport (= 5.2.4.5) arel (>= 9.0) - activestorage (5.2.4.4) - actionpack (= 5.2.4.4) - activerecord (= 5.2.4.4) + activestorage (5.2.4.5) + actionpack (= 5.2.4.5) + activerecord (= 5.2.4.5) marcel (~> 0.3.1) - activesupport (5.2.4.4) + activesupport (5.2.4.5) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) @@ -157,7 +157,7 @@ GEM httparty (0.18.0) mime-types (~> 3.0) multi_xml (>= 0.5.2) - i18n (1.8.8) + i18n (1.8.9) concurrent-ruby (~> 1.0) icalendar (2.5.3) ice_cube (~> 0.16) @@ -205,7 +205,7 @@ GEM mini_magick (4.10.1) mini_mime (1.0.2) mini_portile2 (2.5.0) - minitest (5.14.3) + minitest (5.14.4) minitest-reporters (1.4.2) ansi builder @@ -215,7 +215,7 @@ GEM multi_json (1.14.1) multi_xml (0.6.0) multipart-post (2.1.1) - nio4r (2.5.4) + nio4r (2.5.5) nokogiri (1.11.1) mini_portile2 (~> 2.5.0) racc (~> 1.4) @@ -276,18 +276,18 @@ GEM rack-test (1.1.0) rack (>= 1.0, < 3) railroady (1.5.3) - rails (5.2.4.4) - actioncable (= 5.2.4.4) - actionmailer (= 5.2.4.4) - actionpack (= 5.2.4.4) - actionview (= 5.2.4.4) - activejob (= 5.2.4.4) - activemodel (= 5.2.4.4) - activerecord (= 5.2.4.4) - activestorage (= 5.2.4.4) - activesupport (= 5.2.4.4) + rails (5.2.4.5) + actioncable (= 5.2.4.5) + actionmailer (= 5.2.4.5) + actionpack (= 5.2.4.5) + actionview (= 5.2.4.5) + activejob (= 5.2.4.5) + activemodel (= 5.2.4.5) + activerecord (= 5.2.4.5) + activestorage (= 5.2.4.5) + activesupport (= 5.2.4.5) bundler (>= 1.3.0) - railties (= 5.2.4.4) + railties (= 5.2.4.5) sprockets-rails (>= 2.0.0) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) @@ -301,14 +301,14 @@ GEM rails_stdout_logging rails_serve_static_assets (0.0.5) rails_stdout_logging (0.0.5) - railties (5.2.4.4) - actionpack (= 5.2.4.4) - activesupport (= 5.2.4.4) + railties (5.2.4.5) + actionpack (= 5.2.4.5) + activesupport (= 5.2.4.5) method_source rake (>= 0.8.7) thor (>= 0.19.0, < 2.0) rainbow (3.0.0) - rake (13.0.1) + rake (13.0.3) rb-fsevent (0.10.3) rb-inotify (0.10.1) ffi (~> 1.0) @@ -367,7 +367,7 @@ GEM spring-watcher-listen (2.0.1) listen (>= 2.7, < 4.0) spring (>= 1.2, < 3.0) - sprockets (3.7.2) + sprockets (4.0.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) sprockets-rails (3.2.2)