Merge branch 'security_fixes' into 'master'
[security] gems update. [doorkeeper] added filtering of sensitive information (like secret key) from production.log. [gollum-lib] fix for remote code execution (in search field). We don't have search for wiki, but it is better to have this fix. Nothing critical!!! Related to #2143. See merge request !1732
commit
478f92d2c2
4
Gemfile
4
Gemfile
|
@ -31,7 +31,7 @@ gem 'omniauth-shibboleth'
|
|||
gem 'omniauth-kerberos'
|
||||
gem 'omniauth-gitlab'
|
||||
gem 'omniauth-bitbucket'
|
||||
gem 'doorkeeper', '2.1.0'
|
||||
gem 'doorkeeper', '2.1.3'
|
||||
gem "rack-oauth2", "~> 1.0.5"
|
||||
|
||||
# Browser detection
|
||||
|
@ -48,7 +48,7 @@ gem 'gitlab-grack', '~> 2.0.0.rc2', require: 'grack'
|
|||
gem 'gitlab_omniauth-ldap', '1.2.1', require: "omniauth-ldap"
|
||||
|
||||
# Git Wiki
|
||||
gem 'gollum-lib', '~> 4.0.0'
|
||||
gem 'gollum-lib', '~> 4.0.2'
|
||||
|
||||
# Language detection
|
||||
gem "gitlab-linguist", "~> 3.0.1", require: "linguist"
|
||||
|
|
18
Gemfile.lock
18
Gemfile.lock
|
@ -136,8 +136,8 @@ GEM
|
|||
diff-lcs (1.2.5)
|
||||
diffy (3.0.3)
|
||||
docile (1.1.5)
|
||||
doorkeeper (2.1.0)
|
||||
railties (>= 3.1)
|
||||
doorkeeper (2.1.3)
|
||||
railties (>= 3.2)
|
||||
dotenv (0.9.0)
|
||||
dropzonejs-rails (0.4.14)
|
||||
rails (> 3.1)
|
||||
|
@ -223,11 +223,11 @@ GEM
|
|||
omniauth (~> 1.0)
|
||||
pyu-ruby-sasl (~> 0.0.3.1)
|
||||
rubyntlm (~> 0.3)
|
||||
gollum-grit_adapter (0.1.0)
|
||||
gitlab-grit (~> 2.7.1)
|
||||
gollum-lib (4.0.0)
|
||||
gollum-grit_adapter (0.1.3)
|
||||
gitlab-grit (~> 2.7, >= 2.7.1)
|
||||
gollum-lib (4.0.2)
|
||||
github-markup (~> 1.3.1)
|
||||
gollum-grit_adapter (~> 0.1.0)
|
||||
gollum-grit_adapter (~> 0.1, >= 0.1.1)
|
||||
nokogiri (~> 1.6.4)
|
||||
rouge (~> 1.7.4)
|
||||
sanitize (~> 2.1.0)
|
||||
|
@ -480,7 +480,7 @@ GEM
|
|||
rest-client (1.6.7)
|
||||
mime-types (>= 1.16)
|
||||
rinku (1.7.3)
|
||||
rouge (1.7.4)
|
||||
rouge (1.7.7)
|
||||
rspec (2.99.0)
|
||||
rspec-core (~> 2.99.0)
|
||||
rspec-expectations (~> 2.99.0)
|
||||
|
@ -683,7 +683,7 @@ DEPENDENCIES
|
|||
devise (= 3.2.4)
|
||||
devise-async (= 0.9.0)
|
||||
diffy (~> 3.0.3)
|
||||
doorkeeper (= 2.1.0)
|
||||
doorkeeper (= 2.1.3)
|
||||
dropzonejs-rails
|
||||
email_spec
|
||||
enumerize
|
||||
|
@ -701,7 +701,7 @@ DEPENDENCIES
|
|||
gitlab_git (~> 7.1.2)
|
||||
gitlab_meta (= 7.0)
|
||||
gitlab_omniauth-ldap (= 1.2.1)
|
||||
gollum-lib (~> 4.0.0)
|
||||
gollum-lib (~> 4.0.2)
|
||||
gon (~> 5.0.0)
|
||||
grape (~> 0.6.1)
|
||||
grape-entity (~> 0.4.2)
|
||||
|
|