Merge branch 'security_fixes' into 'master'
[security] gems update [doorkeeper] added filtering of sensitive information (like secret key) from production.log [gollum lib] remote code execution (in search field). We don't have search for wiki but it is better to have this fix. Nothing critical!!! related to #2143 See merge request !1732
Showing
... | @@ -31,7 +31,7 @@ gem 'omniauth-shibboleth' | ... | @@ -31,7 +31,7 @@ gem 'omniauth-shibboleth' |
gem 'omniauth-kerberos' | gem 'omniauth-kerberos' | ||
gem 'omniauth-gitlab' | gem 'omniauth-gitlab' | ||
gem 'omniauth-bitbucket' | gem 'omniauth-bitbucket' | ||
gem 'doorkeeper', '2.1.0' | gem 'doorkeeper', '2.1.3' | ||
gem "rack-oauth2", "~> 1.0.5" | gem "rack-oauth2", "~> 1.0.5" | ||
# Browser detection | # Browser detection | ||
... | @@ -48,7 +48,7 @@ gem 'gitlab-grack', '~> 2.0.0.rc2', require: 'grack' | ... | @@ -48,7 +48,7 @@ gem 'gitlab-grack', '~> 2.0.0.rc2', require: 'grack' |
gem 'gitlab_omniauth-ldap', '1.2.1', require: "omniauth-ldap" | gem 'gitlab_omniauth-ldap', '1.2.1', require: "omniauth-ldap" | ||
# Git Wiki | # Git Wiki | ||
gem 'gollum-lib', '~> 4.0.0' | gem 'gollum-lib', '~> 4.0.2' | ||
# Language detection | # Language detection | ||
gem "gitlab-linguist", "~> 3.0.1", require: "linguist" | gem "gitlab-linguist", "~> 3.0.1", require: "linguist" | ||
... | ... |
Please register or sign in to comment