BigW Consortium Gitlab

Commit 478f92d2 by Dmitriy Zaporozhets

Merge branch 'security_fixes' into 'master'

[security] gems update [doorkeeper] added filtering of sensitive information (like secret key) from production.log [gollum lib] remote code execution (in search field). We don't have search for wiki but it is better to have this fix. Nothing critical!!! related to #2143 See merge request !1732
parents c6dd117c 484524e0
......@@ -31,7 +31,7 @@ gem 'omniauth-shibboleth'
gem 'omniauth-kerberos'
gem 'omniauth-gitlab'
gem 'omniauth-bitbucket'
gem 'doorkeeper', '2.1.0'
gem 'doorkeeper', '2.1.3'
gem "rack-oauth2", "~> 1.0.5"
# Browser detection
......@@ -48,7 +48,7 @@ gem 'gitlab-grack', '~> 2.0.0.rc2', require: 'grack'
gem 'gitlab_omniauth-ldap', '1.2.1', require: "omniauth-ldap"
# Git Wiki
gem 'gollum-lib', '~> 4.0.0'
gem 'gollum-lib', '~> 4.0.2'
# Language detection
gem "gitlab-linguist", "~> 3.0.1", require: "linguist"
......
......@@ -136,8 +136,8 @@ GEM
diff-lcs (1.2.5)
diffy (3.0.3)
docile (1.1.5)
doorkeeper (2.1.0)
railties (>= 3.1)
doorkeeper (2.1.3)
railties (>= 3.2)
dotenv (0.9.0)
dropzonejs-rails (0.4.14)
rails (> 3.1)
......@@ -223,11 +223,11 @@ GEM
omniauth (~> 1.0)
pyu-ruby-sasl (~> 0.0.3.1)
rubyntlm (~> 0.3)
gollum-grit_adapter (0.1.0)
gitlab-grit (~> 2.7.1)
gollum-lib (4.0.0)
gollum-grit_adapter (0.1.3)
gitlab-grit (~> 2.7, >= 2.7.1)
gollum-lib (4.0.2)
github-markup (~> 1.3.1)
gollum-grit_adapter (~> 0.1.0)
gollum-grit_adapter (~> 0.1, >= 0.1.1)
nokogiri (~> 1.6.4)
rouge (~> 1.7.4)
sanitize (~> 2.1.0)
......@@ -480,7 +480,7 @@ GEM
rest-client (1.6.7)
mime-types (>= 1.16)
rinku (1.7.3)
rouge (1.7.4)
rouge (1.7.7)
rspec (2.99.0)
rspec-core (~> 2.99.0)
rspec-expectations (~> 2.99.0)
......@@ -683,7 +683,7 @@ DEPENDENCIES
devise (= 3.2.4)
devise-async (= 0.9.0)
diffy (~> 3.0.3)
doorkeeper (= 2.1.0)
doorkeeper (= 2.1.3)
dropzonejs-rails
email_spec
enumerize
......@@ -701,7 +701,7 @@ DEPENDENCIES
gitlab_git (~> 7.1.2)
gitlab_meta (= 7.0)
gitlab_omniauth-ldap (= 1.2.1)
gollum-lib (~> 4.0.0)
gollum-lib (~> 4.0.2)
gon (~> 5.0.0)
grape (~> 0.6.1)
grape-entity (~> 0.4.2)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment