Merge branch 'security_fixes' into 'master'
[security] gems update. [doorkeeper] adds filtering of sensitive information (like the secret key) from production.log. [gollum-lib] fixes a remote code execution (in the search field); we don't have search for the wiki, but it is better to have this fix. Nothing critical!!! Related to #2143. See merge request !1732
commit
478f92d2c2
4
Gemfile
4
Gemfile
|
@ -31,7 +31,7 @@ gem 'omniauth-shibboleth'
|
||||||
gem 'omniauth-kerberos'
|
gem 'omniauth-kerberos'
|
||||||
gem 'omniauth-gitlab'
|
gem 'omniauth-gitlab'
|
||||||
gem 'omniauth-bitbucket'
|
gem 'omniauth-bitbucket'
|
||||||
gem 'doorkeeper', '2.1.0'
|
gem 'doorkeeper', '2.1.3'
|
||||||
gem "rack-oauth2", "~> 1.0.5"
|
gem "rack-oauth2", "~> 1.0.5"
|
||||||
|
|
||||||
# Browser detection
|
# Browser detection
|
||||||
|
@ -48,7 +48,7 @@ gem 'gitlab-grack', '~> 2.0.0.rc2', require: 'grack'
|
||||||
gem 'gitlab_omniauth-ldap', '1.2.1', require: "omniauth-ldap"
|
gem 'gitlab_omniauth-ldap', '1.2.1', require: "omniauth-ldap"
|
||||||
|
|
||||||
# Git Wiki
|
# Git Wiki
|
||||||
gem 'gollum-lib', '~> 4.0.0'
|
gem 'gollum-lib', '~> 4.0.2'
|
||||||
|
|
||||||
# Language detection
|
# Language detection
|
||||||
gem "gitlab-linguist", "~> 3.0.1", require: "linguist"
|
gem "gitlab-linguist", "~> 3.0.1", require: "linguist"
|
||||||
|
|
18
Gemfile.lock
18
Gemfile.lock
|
@ -136,8 +136,8 @@ GEM
|
||||||
diff-lcs (1.2.5)
|
diff-lcs (1.2.5)
|
||||||
diffy (3.0.3)
|
diffy (3.0.3)
|
||||||
docile (1.1.5)
|
docile (1.1.5)
|
||||||
doorkeeper (2.1.0)
|
doorkeeper (2.1.3)
|
||||||
railties (>= 3.1)
|
railties (>= 3.2)
|
||||||
dotenv (0.9.0)
|
dotenv (0.9.0)
|
||||||
dropzonejs-rails (0.4.14)
|
dropzonejs-rails (0.4.14)
|
||||||
rails (> 3.1)
|
rails (> 3.1)
|
||||||
|
@ -223,11 +223,11 @@ GEM
|
||||||
omniauth (~> 1.0)
|
omniauth (~> 1.0)
|
||||||
pyu-ruby-sasl (~> 0.0.3.1)
|
pyu-ruby-sasl (~> 0.0.3.1)
|
||||||
rubyntlm (~> 0.3)
|
rubyntlm (~> 0.3)
|
||||||
gollum-grit_adapter (0.1.0)
|
gollum-grit_adapter (0.1.3)
|
||||||
gitlab-grit (~> 2.7.1)
|
gitlab-grit (~> 2.7, >= 2.7.1)
|
||||||
gollum-lib (4.0.0)
|
gollum-lib (4.0.2)
|
||||||
github-markup (~> 1.3.1)
|
github-markup (~> 1.3.1)
|
||||||
gollum-grit_adapter (~> 0.1.0)
|
gollum-grit_adapter (~> 0.1, >= 0.1.1)
|
||||||
nokogiri (~> 1.6.4)
|
nokogiri (~> 1.6.4)
|
||||||
rouge (~> 1.7.4)
|
rouge (~> 1.7.4)
|
||||||
sanitize (~> 2.1.0)
|
sanitize (~> 2.1.0)
|
||||||
|
@ -480,7 +480,7 @@ GEM
|
||||||
rest-client (1.6.7)
|
rest-client (1.6.7)
|
||||||
mime-types (>= 1.16)
|
mime-types (>= 1.16)
|
||||||
rinku (1.7.3)
|
rinku (1.7.3)
|
||||||
rouge (1.7.4)
|
rouge (1.7.7)
|
||||||
rspec (2.99.0)
|
rspec (2.99.0)
|
||||||
rspec-core (~> 2.99.0)
|
rspec-core (~> 2.99.0)
|
||||||
rspec-expectations (~> 2.99.0)
|
rspec-expectations (~> 2.99.0)
|
||||||
|
@ -683,7 +683,7 @@ DEPENDENCIES
|
||||||
devise (= 3.2.4)
|
devise (= 3.2.4)
|
||||||
devise-async (= 0.9.0)
|
devise-async (= 0.9.0)
|
||||||
diffy (~> 3.0.3)
|
diffy (~> 3.0.3)
|
||||||
doorkeeper (= 2.1.0)
|
doorkeeper (= 2.1.3)
|
||||||
dropzonejs-rails
|
dropzonejs-rails
|
||||||
email_spec
|
email_spec
|
||||||
enumerize
|
enumerize
|
||||||
|
@ -701,7 +701,7 @@ DEPENDENCIES
|
||||||
gitlab_git (~> 7.1.2)
|
gitlab_git (~> 7.1.2)
|
||||||
gitlab_meta (= 7.0)
|
gitlab_meta (= 7.0)
|
||||||
gitlab_omniauth-ldap (= 1.2.1)
|
gitlab_omniauth-ldap (= 1.2.1)
|
||||||
gollum-lib (~> 4.0.0)
|
gollum-lib (~> 4.0.2)
|
||||||
gon (~> 5.0.0)
|
gon (~> 5.0.0)
|
||||||
grape (~> 0.6.1)
|
grape (~> 0.6.1)
|
||||||
grape-entity (~> 0.4.2)
|
grape-entity (~> 0.4.2)
|
||||||
|
|