Fix: Update loofah

loofah Version: 2.2.2 Advisory: CVE-2018-16468 Criticality: Unknown URL: flavorjones/loofah#154 Title: Loofah XSS Vulnerability Solution: upgrade to >= 2.2.3
riseuplabs · Nov 6, 2018 · 4eb1337 · 4eb1337
1 parent 8a7a3de
commit 4eb1337
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/Gemfile b/Gemfile
@@ -61,6 +61,15 @@ gem 'thinking-sphinx', '~> 3.4.2'
 # Enhanced Tagging lib. Used to tag pages
 gem 'acts-as-taggable-on', '~> 4.0'
 
+##
+# security updates
+##
+#
+# CVE-2018-16468 Criticality: Unknown URL:
+# https://github.com/flavorjones/loofah/issues/154 Title: Loofah XSS
+# Vulnerability
+gem 'loofah', '~> 2.2.3'
+
 ##
 # Upgrade pending
 ##

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -122,7 +122,7 @@ GEM
       activerecord (>= 4.1.0)
     json (1.8.6)
     libv8 (3.16.14.17)
-    loofah (2.2.2)
+    loofah (2.2.3)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mail (2.7.0)
@@ -267,6 +267,7 @@ DEPENDENCIES
   http_accept_language (~> 2.0)
   i18n (~> 0.7)
   json (~> 1.8)
+  loofah (~> 2.2.3)
   mail-gpg (~> 0.3.3)
   mime-types
   minitest