Merge branch 'dev' of git.sleede.com:projets/fab-manager into dev

2025-02-19 13:54:25 +01:00 · 2018-06-04 12:05:10 +02:00 · 2018-06-04 12:05:10 +02:00 · e7f4c1ffcc
commit e7f4c1ffcc
parent d3da7a2d35 3e4e5e3e9b
2 changed files with 4 additions and 3 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -5,6 +5,7 @@
 - Upgraded ElasticSearch from 1.7 to 5.6
 - Updated OmniAuth to fix Hashie warnings [omniauth#872](https://github.com/omniauth/omniauth/issues/872)
 - Fix a security issue: dependency loofah has a vulnerability as described in [CVE-2018-8048](https://github.com/flavorjones/loofah/issues/144)
+- Fix a security issue: rails-html-sanitizer < 1.0.3 has a security vulnerability described in [CVE-2018-3741](https://nvd.nist.gov/vuln/detail/CVE-2018-3741)
 - Ensure elasticSearch indices are started with green status on new installations
 - [TODO DEPLOY] **REQUIRED** Please read [elastic_upgrade.md](doc/elastic_upgrade.md) for instructions on upgrading ElasticSearch. 

--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -136,7 +136,7 @@ GEM
      tins (>= 1.6.0, < 2)
    crack (0.4.3)
      safe_yaml (~> 1.0.0)
-    crass (1.0.3)
+    crass (1.0.4)
    daemons (1.2.4)
    database_cleaner (1.4.1)
    debug_inspector (0.0.3)
@ -337,8 +337,8 @@ GEM
      activesupport (>= 4.2.0.beta, < 5.0)
      nokogiri (~> 1.6)
      rails-deprecated_sanitizer (>= 1.0.1)
-    rails-html-sanitizer (1.0.3)
-      loofah (~> 2.0)
+    rails-html-sanitizer (1.0.4)
+      loofah (~> 2.2, >= 2.2.2)
    rails-observers (0.1.2)
      activemodel (~> 4.0)
    rails_12factor (0.0.3)