Upgrade ActionView due to security alert
Reported by Marnen Laibow-Koser | December 3rd, 2013 @ 10:03 PM
Upgrade ActionView due to http://seclists.org/oss-sec/2013/q4/400
Comments and changes to this ticket
-
Marnen Laibow-Koser December 3rd, 2013 @ 10:10 PM
- Tag changed from “actionview, security, upgrade, urgent, v0.5.13” to “actionpack, security, upgrade, urgent, v0.5.13”
Actually, the gem in question is actionpack. Looks like there's no Rails 3.0 gem release, so we have to apply the patch given in that alert (and upgrade to Rails 3.2 soon).
-
Marnen Laibow-Koser December 3rd, 2013 @ 10:20 PM
The 3-0-stable branch of Rails has the appropriate commit. Using that.
-
Marnen Laibow-Koser December 3rd, 2013 @ 10:43 PM
(from [6e30dc5956ff5f1563fa254a5a4197972aea24c3]) Upgrade Rails to edge so as to include patch for CVE-2013-6414. [#89] https://github.com/marnen/quorum2/commit/6e30dc5956ff5f1563fa254a5a...
-
Marnen Laibow-Koser December 3rd, 2013 @ 10:43 PM
- State changed from “open” to “resolved”
Done. Will be in 0.5.13.
Please Sign in or create a free account to add a new ticket.
With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.
Create new ticket
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป
<p>This is the issue tracker for the Quorum calendar system. Also see our <a href="http://github.com/marnen/quorum2">Github repository</a> and our <a href="http://quorum2.sourceforge.net">project website</a>.</p>
<p>Please tag bug reports with <strong>bug</strong> and feature requests with <strong>feature</strong>. Use additional descriptive tags as necessary.</p>
Marnen Laibow-Koser
