DEV: upgrade rack to version 2.2.3

This is very minor, see: https://github.com/advisories/GHSA-j6w9-fv6q-3q52

An attacker can elevate their own cookie usage to bypass server cookie restrictions

Technically this is a security commit, but the surface area is extremely
low, we do not expect any real world impact.
Sam Saffron 2020-07-08 16:42:31 +10:00
parent 8af5194e39
commit bac25e6dd7
No known key found for this signature in database
GPG Key ID: B9606168D2FFD9F5
2 changed files with 3 additions and 3 deletions


@ -128,7 +128,7 @@ gem 'mini_racer'
# TODO: determine why highline is being held back and upgrade to latest # TODO: determine why highline is being held back and upgrade to latest
gem 'highline', '~> 1.7.0', require: false gem 'highline', '~> 1.7.0', require: false
gem 'rack', '2.2.2' gem 'rack'
gem 'rack-protection' # security gem 'rack-protection' # security
gem 'cbor', require: false gem 'cbor', require: false
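
Review bot: the new `gem 'rack'` line drops the version constraint entirely, so the Gemfile no longer records that anything below 2.2.3 is unacceptable, and the fix is held only by the lockfile entry `rack (2.2.3)`. A floor such as `gem 'rack', '>= 2.2.3'` would keep the upgrade possible while preventing a regenerated or hand-resolved lockfile from settling back on 2.2.2. The line also loses the exact pin without a comment saying why it existed or why it is safe to remove; a short note next to it, like the TODO above `highline`, would help the next person who touches this.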


@ -268,7 +268,7 @@ GEM
puma (4.3.5) puma (4.3.5)
nio4r (~> 2.0) nio4r (~> 2.0)
r2 (0.2.7) r2 (0.2.7)
rack (2.2.2) rack (2.2.3)
rack-mini-profiler (2.0.2) rack-mini-profiler (2.0.2)
rack (>= 1.2.0) rack (>= 1.2.0)
rack-protection (2.0.8.1) rack-protection (2.0.8.1)
@ -518,7 +518,7 @@ DEPENDENCIES
pry-rails pry-rails
puma puma
r2 r2
rack (= 2.2.2) rack
rack-mini-profiler rack-mini-profiler
rack-protection rack-protection
rails_failover rails_failover