Merge branch 'security_fixes' into 'master'

[security] gems update [doorkeeper] added filtering of sensitive information (like secret key) from production.log [gollum lib] remote code execution (in search field). We don't have search for wiki but it is better to have this fix. Nothing critical!!! related to #2143 See merge request !1732

Merge branch 'security_fixes' into 'master'
[security] gems update [doorkeeper] added filtering of sensitive information (like secret key) from production.log [gollum lib] remote code execution (in search field). We don't have search for wiki but it is better to have this fix. Nothing critical!!! related to #2143 See merge request !1732
478f92d2 · Dmitriy Zaporozhets · c6dd117c · 484524e0 · 478f92d2 · 478f92d2
Commit 478f92d2 authored Mar 20, 2015 by Dmitriy Zaporozhets
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 11 deletions

Gemfile Gemfile +2 -2

Gemfile.lock Gemfile.lock +9 -9

No files found.
--- a/Gemfile
+++ b/Gemfile
@@ -31,7 +31,7 @@ gem 'omniauth-shibboleth'
 gem 'omniauth-kerberos'
 gem 'omniauth-gitlab'
 gem 'omniauth-bitbucket'
-gem 'doorkeeper', '2.1.0'
+gem 'doorkeeper', '2.1.3'
 gem "rack-oauth2", "~> 1.0.5"

 # Browser detection
@@ -48,7 +48,7 @@ gem 'gitlab-grack', '~> 2.0.0.rc2', require: 'grack'
 gem 'gitlab_omniauth-ldap', '1.2.1', require: "omniauth-ldap"

 # Git Wiki
-gem 'gollum-lib', '~> 4.0.0'
+gem 'gollum-lib', '~> 4.0.2'

 # Language detection
 gem "gitlab-linguist", "~> 3.0.1", require: "linguist"

--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -136,8 +136,8 @@ GEM
    diff-lcs (1.2.5)
    diffy (3.0.3)
    docile (1.1.5)
-    doorkeeper (2.1.0)
-      railties (>= 3.1)
+    doorkeeper (2.1.3)
+      railties (>= 3.2)
    dotenv (0.9.0)
    dropzonejs-rails (0.4.14)
      rails (> 3.1)
@@ -223,11 +223,11 @@ GEM
      omniauth (~> 1.0)
      pyu-ruby-sasl (~> 0.0.3.1)
      rubyntlm (~> 0.3)
-    gollum-grit_adapter (0.1.0)
-      gitlab-grit (~> 2.7.1)
-    gollum-lib (4.0.0)
+    gollum-grit_adapter (0.1.3)
+      gitlab-grit (~> 2.7, >= 2.7.1)
+    gollum-lib (4.0.2)
      github-markup (~> 1.3.1)
-      gollum-grit_adapter (~> 0.1.0)
+      gollum-grit_adapter (~> 0.1, >= 0.1.1)
      nokogiri (~> 1.6.4)
      rouge (~> 1.7.4)
      sanitize (~> 2.1.0)
@@ -480,7 +480,7 @@ GEM
    rest-client (1.6.7)
      mime-types (>= 1.16)
    rinku (1.7.3)
-    rouge (1.7.4)
+    rouge (1.7.7)
    rspec (2.99.0)
      rspec-core (~> 2.99.0)
      rspec-expectations (~> 2.99.0)
@@ -683,7 +683,7 @@ DEPENDENCIES
  devise (= 3.2.4)
  devise-async (= 0.9.0)
  diffy (~> 3.0.3)
-  doorkeeper (= 2.1.0)
+  doorkeeper (= 2.1.3)
  dropzonejs-rails
  email_spec
  enumerize
@@ -701,7 +701,7 @@ DEPENDENCIES
  gitlab_git (~> 7.1.2)
  gitlab_meta (= 7.0)
  gitlab_omniauth-ldap (= 1.2.1)
-  gollum-lib (~> 4.0.0)
+  gollum-lib (~> 4.0.2)
  gon (~> 5.0.0)
  grape (~> 0.6.1)
  grape-entity (~> 0.4.2)