Upgrade attr_encrypted and encryptor
attr_encrypted (1.3.4 => 3.0.1) Changelog:
https://github.com/attr-encrypted/attr_encrypted/blob/master/CHANGELOG.m
d
attr_encrypted 2.x included a vulnerability, so that major version is
skipped. 3.x requires that the algorithm and mode used by each
encrypted attribute is specified explicitly.
`nil` is no longer a valid value for the encrypted_value_iv field, so
it’s changed to a randomly generated string.
Showing
... | ... | @@ -44,7 +44,7 @@ gem 'akismet', '~> 2.0' |
# Two-factor authentication | ||
gem 'devise-two-factor', '~> 3.0.0' | ||
gem 'rqrcode-rails3', '~> 0.1.7' | ||
gem 'attr_encrypted', '~> 1.3.4' | ||
gem 'attr_encrypted', '~> 3.0.0' | ||
# Browser detection | ||
gem "browser", '~> 1.0.0' | ||
... | ... |
Please
register
or
sign in
to comment