Commit 478f92d2 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Merge branch 'security_fixes' into 'master'

[security] gems update

[doorkeeper] added filtering of sensitive information (like secret key) from production.log

[gollum lib] remote code execution (in search field). We don't have search for the wiki, but it is better to have this fix.

Nothing critical!!!

related to #2143

See merge request !1732
parents c6dd117c 484524e0
...@@ -31,7 +31,7 @@ gem 'omniauth-shibboleth' ...@@ -31,7 +31,7 @@ gem 'omniauth-shibboleth'
gem 'omniauth-kerberos' gem 'omniauth-kerberos'
gem 'omniauth-gitlab' gem 'omniauth-gitlab'
gem 'omniauth-bitbucket' gem 'omniauth-bitbucket'
gem 'doorkeeper', '2.1.0' gem 'doorkeeper', '2.1.3'
gem "rack-oauth2", "~> 1.0.5" gem "rack-oauth2", "~> 1.0.5"
# Browser detection # Browser detection
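Review bot: the exact pin `gem 'doorkeeper', '2.1.3'` is the right shape for a security bump (it cannot silently resolve to an older release), but nothing in this hunk shows the log filtering the commit message attributes to doorkeeper; please reference the upstream doorkeeper changelog entry in the merge request description and add a CHANGELOG line so the reason for the pin is recorded.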
...@@ -48,7 +48,7 @@ gem 'gitlab-grack', '~> 2.0.0.rc2', require: 'grack' ...@@ -48,7 +48,7 @@ gem 'gitlab-grack', '~> 2.0.0.rc2', require: 'grack'
gem 'gitlab_omniauth-ldap', '1.2.1', require: "omniauth-ldap" gem 'gitlab_omniauth-ldap', '1.2.1', require: "omniauth-ldap"
# Git Wiki # Git Wiki
gem 'gollum-lib', '~> 4.0.0' gem 'gollum-lib', '~> 4.0.2'
# Language detection # Language detection
gem "gitlab-linguist", "~> 3.0.1", require: "linguist" gem "gitlab-linguist", "~> 3.0.1", require: "linguist"
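Review bot: `~> 4.0.0` already permitted gollum-lib 4.0.2, so this Gemfile change only raises the floor; the actual upgrade happens in Gemfile.lock. That is fine, but it means a deployment that keeps an old lockfile is not protected by this line alone, which is worth stating in the CHANGELOG entry for the gollum-lib fix.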
......
...@@ -136,8 +136,8 @@ GEM ...@@ -136,8 +136,8 @@ GEM
diff-lcs (1.2.5) diff-lcs (1.2.5)
diffy (3.0.3) diffy (3.0.3)
docile (1.1.5) docile (1.1.5)
doorkeeper (2.1.0) doorkeeper (2.1.3)
railties (>= 3.1) railties (>= 3.2)
dotenv (0.9.0) dotenv (0.9.0)
dropzonejs-rails (0.4.14) dropzonejs-rails (0.4.14)
rails (> 3.1) rails (> 3.1)
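Review bot: doorkeeper 2.1.3 raises its requirement from `railties (>= 3.1)` to `railties (>= 3.2)`; the rails/railties version pinned elsewhere in this lockfile is not visible in the hunk, so please confirm bundler resolved it without also moving railties, otherwise that change should be called out as well.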
...@@ -223,11 +223,11 @@ GEM ...@@ -223,11 +223,11 @@ GEM
omniauth (~> 1.0) omniauth (~> 1.0)
pyu-ruby-sasl (~> 0.0.3.1) pyu-ruby-sasl (~> 0.0.3.1)
rubyntlm (~> 0.3) rubyntlm (~> 0.3)
gollum-grit_adapter (0.1.0) gollum-grit_adapter (0.1.3)
gitlab-grit (~> 2.7.1) gitlab-grit (~> 2.7, >= 2.7.1)
gollum-lib (4.0.0) gollum-lib (4.0.2)
github-markup (~> 1.3.1) github-markup (~> 1.3.1)
gollum-grit_adapter (~> 0.1.0) gollum-grit_adapter (~> 0.1, >= 0.1.1)
nokogiri (~> 1.6.4) nokogiri (~> 1.6.4)
rouge (~> 1.7.4) rouge (~> 1.7.4)
sanitize (~> 2.1.0) sanitize (~> 2.1.0)
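Review bot: besides gollum-lib 4.0.2 this hunk also moves gollum-grit_adapter from 0.1.0 to 0.1.3 and loosens its gitlab-grit constraint to `~> 2.7, >= 2.7.1`, which now admits future 2.8.x releases. Neither change is mentioned in the commit message; please note them there so the transitive bump is reviewed as part of the security update rather than discovered later.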
...@@ -480,7 +480,7 @@ GEM ...@@ -480,7 +480,7 @@ GEM
rest-client (1.6.7) rest-client (1.6.7)
mime-types (>= 1.16) mime-types (>= 1.16)
rinku (1.7.3) rinku (1.7.3)
rouge (1.7.4) rouge (1.7.7)
rspec (2.99.0) rspec (2.99.0)
rspec-core (~> 2.99.0) rspec-core (~> 2.99.0)
rspec-expectations (~> 2.99.0) rspec-expectations (~> 2.99.0)
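Review bot: the rouge bump from 1.7.4 to 1.7.7 is not among the fixes listed in the commit message. It stays within gollum-lib's `rouge (~> 1.7.4)` constraint, so it is presumably a side effect of resolving gollum-lib, but since rouge renders untrusted wiki and snippet content it deserves a one-line mention (and a changelog check) rather than going in unannounced.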
...@@ -683,7 +683,7 @@ DEPENDENCIES ...@@ -683,7 +683,7 @@ DEPENDENCIES
devise (= 3.2.4) devise (= 3.2.4)
devise-async (= 0.9.0) devise-async (= 0.9.0)
diffy (~> 3.0.3) diffy (~> 3.0.3)
doorkeeper (= 2.1.0) doorkeeper (= 2.1.3)
dropzonejs-rails dropzonejs-rails
email_spec email_spec
enumerize enumerize
...@@ -701,7 +701,7 @@ DEPENDENCIES ...@@ -701,7 +701,7 @@ DEPENDENCIES
gitlab_git (~> 7.1.2) gitlab_git (~> 7.1.2)
gitlab_meta (= 7.0) gitlab_meta (= 7.0)
gitlab_omniauth-ldap (= 1.2.1) gitlab_omniauth-ldap (= 1.2.1)
gollum-lib (~> 4.0.0) gollum-lib (~> 4.0.2)
gon (~> 5.0.0) gon (~> 5.0.0)
grape (~> 0.6.1) grape (~> 0.6.1)
grape-entity (~> 0.4.2) grape-entity (~> 0.4.2)
......