From f33cb184f9f38d2fb9ffaf9cb7256ea71f2d1630 Mon Sep 17 00:00:00 2001
From: Stan Hu
Date: Fri, 18 Dec 2015 10:08:00 -0800
Subject: [PATCH] Bump Rack Attack to v4.3.1 for security fix

https://github.com/kickstarter/rack-attack/releases/tag/v4.3.1
---
 CHANGELOG | 1 +
 Gemfile | 2 +-
 Gemfile.lock | 4 ++--
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 4fb867c969b..acad4644f5f 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
 Please view this file on the master branch, on stable branches it's out of date.
 v 8.3.0 (unreleased)
+ - Bump rack-attack to 4.3.1 for security fix (Stan Hu)
 - API support for starred projects for authorized user (Zeger-Jan van de Weg)
 - Add open_issues_count to project API (Stan Hu)
 - Expand character set of usernames created by Omniauth (Corey Hinshaw)
diff --git a/Gemfile b/Gemfile
index b23e274081b..76b4759499e 100644
--- a/Gemfile
+++ b/Gemfile
@@ -175,7 +175,7 @@ gem "sanitize", '~> 2.0'
 gem 'babosa', '~> 1.0.2'
 # Protect against bruteforcing
-gem "rack-attack", '~> 4.3.0'
+gem "rack-attack", '~> 4.3.1'
 # Ace editor
 gem 'ace-rails-ap', '~> 2.0.1'
diff --git a/Gemfile.lock b/Gemfile.lock
index 4dfff211134..88c7a6e3424 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -507,7 +507,7 @@ GEM
 rack (1.6.4)
 rack-accept (0.4.5)
 rack (>= 0.4)
- rack-attack (4.3.0)
+ rack-attack (4.3.1)
 rack
 rack-cors (0.4.0)
 rack-mount (0.8.3)
@@ -908,7 +908,7 @@ DEPENDENCIES
 poltergeist (~> 1.8.1)
 pry-rails
 quiet_assets (~> 1.0.2)
- rack-attack (~> 4.3.0)
+ rack-attack (~> 4.3.1)
 rack-cors (~> 0.4.0)
 rack-oauth2 (~> 1.2.1)
 rails (= 4.2.4)