Upgrade attr_encrypted and encryptor
attr_encrypted (1.3.4 => 3.0.1) Changelog: https://github.com/attr-encrypted/attr_encrypted/blob/master/CHANGELOG.m d attr_encrypted 2.x included a vulnerability, so that major version is skipped. 3.x requires that the algorithm and mode used by each encrypted attribute is specified explicitly. `nil` is no longer a valid value for the encrypted_value_iv field, so it’s changed to a randomly generated string.
Showing
... | @@ -44,7 +44,7 @@ gem 'akismet', '~> 2.0' | ... | @@ -44,7 +44,7 @@ gem 'akismet', '~> 2.0' |
# Two-factor authentication | # Two-factor authentication | ||
gem 'devise-two-factor', '~> 3.0.0' | gem 'devise-two-factor', '~> 3.0.0' | ||
gem 'rqrcode-rails3', '~> 0.1.7' | gem 'rqrcode-rails3', '~> 0.1.7' | ||
gem 'attr_encrypted', '~> 1.3.4' | gem 'attr_encrypted', '~> 3.0.0' | ||
# Browser detection | # Browser detection | ||
gem "browser", '~> 1.0.0' | gem "browser", '~> 1.0.0' | ||
... | ... |
Please register or sign in to comment