Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use Loofah 2.2.3 to address CVE-2018-16468 #74

Closed

Conversation

kaspergrubbe
Copy link

More info at flavorjones/loofah#154

@rails-bot
Copy link

Thanks for the pull request, and welcome! The Rails team is excited to review your changes, and you should hear from @kaspth (or someone else) soon.

If any changes to this PR are deemed necessary, please add them as extra commits. This ensures that the reviewer can see what has changed since they last reviewed the code. Due to the way GitHub handles out-of-date commits, this should also make it reasonably obvious what issues have or haven't been addressed. Large or tricky changes may require several passes of review and changes.

Please see the contribution instructions for more information.

@matthewd
Copy link
Member

Thanks, but we prefer not to bump our dependencies just to force upgrades of other libraries. This change is not needed for applications to begin using the new updated version.

@matthewd matthewd closed this Oct 31, 2018
@kaspergrubbe
Copy link
Author

Ok, I was following the example of @rafaelfranca here: f3ba1a8#diff-92136a8a78ef91cb482af8640395756dR20

Sorry for wasting your time.

@matthewd
Copy link
Member

No worries! That was a special case because we needed the new loofah plus our own change in order to fully address the issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants