
upgrade to libxml2 2.9.4 and libxslt 1.1.29 #1473

Closed
flavorjones opened this issue May 31, 2016 · 5 comments
@flavorjones
Member

both of which contain security fixes.

@flavorjones flavorjones added this to the 1.6.8 milestone May 31, 2016
@flavorjones
Member Author

Finally got these libraries to build properly on all our combinations of windows and cross-compiled windows.

This will be in 1.6.8 final, due out later today.

gabebw added a commit to thoughtbot/upcase that referenced this issue Jun 7, 2016
From bundler-audit:

    Name: nokogiri
    Version: 1.6.7.2
    Advisory: CVE-2015-8806
    Criticality: Unknown
    URL: sparklemotion/nokogiri#1473
    Title: Denial of service or RCE from libxml2 and libxslt
    Solution: upgrade to >= 1.6.8
david-a-wheeler added a commit to coreinfrastructure/best-practices-badge that referenced this issue Jun 7, 2016
Update gem nokogiri from 1.6.7.2 to version 1.6.8.
This update was reported to us by our usual bundle-audit
dependency analysis process (part of the default 'rake' process).
It reported that nokogiri 1.6.7.2 had advisory CVE-2015-8806,
title "Denial of service or RCE from libxml2 and libxslt".
We don't know if it's exploitable in our configuration,
but it's better to upgrade than do the analysis.
Those interested can see more at:
sparklemotion/nokogiri#1473

This caused us to upgrade pkg-config, which required
a licensing decision (included in the commit).
This whitelists LGPLv2+, since that's a known OSI license
that's compatible with the MIT license.

Signed-off-by: David A. Wheeler <[email protected]>
c-lliope added a commit to codeforamerica/crisisresponse that referenced this issue Jun 7, 2016
## Problem:

Running `bundle-audit` gave:

```
Name: nokogiri
Version: 1.6.7.2
Advisory: CVE-2015-8806
Criticality: Unknown
URL: sparklemotion/nokogiri#1473
Title: Denial of service or RCE from libxml2 and libxslt
Solution: upgrade to >= 1.6.8

Vulnerabilities found!
```

## Solution:

Run `bundle update nokogiri`
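The `bundle-audit` report quoted in the commits above is a plain "Key: value" block per advisory, and its "Solution" line lists alternative patched version ranges. The following is an added example, not code from the nokogiri project or from bundler-audit itself: it parses that report format, interprets each "upgrade to" clause as a set of rubygems requirements of which any one suffices, and filters the advisories down to those that still apply to a given locked version. The sample report text is constructed here from the blocks quoted on this page; only Ruby's bundled `Gem::Version` and `Gem::Requirement` classes are used.

```ruby
# Added example (not part of the nokogiri issue or of bundler-audit):
# parse `bundle-audit check` output and decide, per advisory, whether a
# given installed version is already inside one of the patched ranges.

require "rubygems" # Gem::Version / Gem::Requirement

# Constructed sample report, copied in shape from the commit messages above.
SAMPLE_AUDIT_OUTPUT = <<~OUT
  Name: nokogiri
  Version: 1.6.7.2
  Advisory: CVE-2015-8806
  Criticality: Unknown
  URL: sparklemotion/nokogiri#1473
  Title: Denial of service or RCE from libxml2 and libxslt
  Solution: upgrade to >= 1.6.8

  Name: nokogiri
  Version: 1.6.6.1
  Advisory: CVE-2015-1819
  Criticality: Unknown
  URL: sparklemotion/nokogiri#1374
  Title: Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
  Solution: upgrade to ~> 1.6.6.4, >= 1.6.7.rc4

  Vulnerabilities found!
OUT

Advisory = Struct.new(:name, :version, :id, :criticality, :url, :title, :patched,
                      keyword_init: true)

# "upgrade to ~> 1.6.6.4, >= 1.6.7.rc4" lists alternative patched ranges;
# satisfying any one of them means the advisory no longer applies.
def parse_solution(solution)
  solution.to_s.sub(/\Aupgrade to /, "").split(",").map do |range|
    Gem::Requirement.new(range.strip)
  end
end

# Split the report into blank-line-separated blocks and read "Key: value"
# lines; blocks without Name/Advisory (e.g. the trailing summary) are skipped.
def parse_audit(text)
  text.split(/\n\s*\n/).filter_map do |block|
    fields = block.lines.filter_map { |l| l.strip.match(/\A(\w+): (.*)\z/)&.captures }.to_h
    next unless fields["Name"] && fields["Advisory"]

    Advisory.new(
      name: fields["Name"], version: fields["Version"], id: fields["Advisory"],
      criticality: fields["Criticality"], url: fields["URL"], title: fields["Title"],
      patched: parse_solution(fields["Solution"])
    )
  end
end

# True when the installed version falls inside at least one patched range.
def patched?(advisory, installed_version)
  v = Gem::Version.new(installed_version)
  advisory.patched.any? { |req| req.satisfied_by?(v) }
end

# Advisories still open for the versions actually locked; `installed` maps
# gem name to version and falls back to the version the report saw.
def open_advisories(text, installed)
  parse_audit(text).reject { |a| patched?(a, installed.fetch(a.name, a.version)) }
end

if __FILE__ == $PROGRAM_NAME
  open_advisories(SAMPLE_AUDIT_OUTPUT, { "nokogiri" => "1.6.7.2" }).each do |a|
    puts "#{a.name} #{a.id}: #{a.title} (fix: #{a.patched.map(&:to_s).join(' or ')})"
  end
end
```

Run against the constructed sample with nokogiri locked at 1.6.7.2, only CVE-2015-8806 remains open, because 1.6.7.2 already satisfies the `>= 1.6.7.rc4` alternative of the CVE-2015-1819 fix; at 1.6.8 nothing remains. The point of splitting the "Solution" line on commas before building requirements is that `Gem::Requirement.new("~> 1.6.6.4", ">= 1.6.7.rc4")` would AND the two ranges together and wrongly report every version as unpatched.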
edwardloveall added a commit to edwardloveall/portfolio that referenced this issue Jun 7, 2016
A security vulnerability was fixed:
sparklemotion/nokogiri#1473
edwardloveall added a commit to edwardloveall/portfolio that referenced this issue Jun 8, 2016
A security vulnerability was fixed:
sparklemotion/nokogiri#1473
@saizai

saizai commented Jun 8, 2016

After bundle update nokogiri, I get this in my git:

renamed: vendor/cache/nokogiri-1.6.7.1.gem -> vendor/cache/nokogiri-1.6.8.gem

Is this expected behavior?

@flavorjones
Member Author

@saizai You're asking a question about how git handles files managed by bundler ... this is not a nokogiri-specific question.

But yes, that's expected of bundler and git.

@flavorjones
Member Author

@saizai to be more specific, if you look at the git diff output, you should see something like:

diff --git a/vendor/cache/nokogiri-1.6.7.1.gem b/vendor/cache/nokogiri-1.6.8.gem
similarity index 53%
rename from vendor/cache/nokogiri-1.6.7.1.gem
rename to vendor/cache/nokogiri-1.6.8.gem
index d66d597..d8782d9 100644
Binary files a/vendor/cache/nokogiri-1.6.7.1.gem and b/vendor/cache/nokogiri-1.6.8.gem differ

which indicates that they're similar enough to be treated as a rename, but they're clearly different files (similarity index 53%).

If you have more questions, I urge you to look into how git handles these cases.

Davidslv pushed a commit to alphagov/collections-publisher that referenced this issue Jun 9, 2016
This is a security update
sparklemotion/nokogiri#1473

Even though it's only used by capybara to run our test suite we don't
want to see the alerts in our security audit.
dentarg added a commit to dentarg/skuld that referenced this issue Jun 10, 2016
    $ bundle-audit check
    Name: nokogiri
    Version: 1.6.7.2
    Advisory: CVE-2015-8806
    Criticality: Unknown
    URL: sparklemotion/nokogiri#1473
    Title: Denial of service or RCE from libxml2 and libxslt
    Solution: upgrade to >= 1.6.8

    Vulnerabilities found!
grantspeelman added a commit to my-grocery-price-book/www that referenced this issue Jun 11, 2016
Name: nokogiri
Version: 1.6.7.2
Advisory: CVE-2015-8806
Criticality: Unknown
URL: sparklemotion/nokogiri#1473
Title: Denial of service or RCE from libxml2 and libxslt
Solution: upgrade to >= 1.6.8
@saizai

saizai commented Jun 11, 2016

@flavorjones Thanks for the explanation. I naïvely thought that "rename" meant "binary equal", not something that fuzzy.

AdrianCann added a commit to sophomoric/secret that referenced this issue Jun 13, 2016
* Security issue from ruby advisory:
sparklemotion/nokogiri#1473
Denial of service or RCE from libxml2 and libxslt
Solution: upgrade to >= 1.6.8
c-lliope added a commit to c4lliope/osbot that referenced this issue Jun 14, 2016
## Problem:

The `bundle-audit` command reported a vulnerability in nokogiri:

```
Name: nokogiri
Version: 1.6.7.2
Advisory: CVE-2015-8806
Criticality: Unknown
URL: sparklemotion/nokogiri#1473
Title: Denial of service or RCE from libxml2 and libxslt
Solution: upgrade to >= 1.6.8

Vulnerabilities found!
```

## Solution:

Run `bundle update nokogiri`
c-lliope pushed a commit to c4lliope/osbot that referenced this issue Jun 14, 2016
## Problem:

The `bundle-audit` command reported a vulnerability in nokogiri:

```
Name: nokogiri
Version: 1.6.7.2
Advisory: CVE-2015-8806
Criticality: Unknown
URL: sparklemotion/nokogiri#1473
Title: Denial of service or RCE from libxml2 and libxslt
Solution: upgrade to >= 1.6.8

Vulnerabilities found!
```

## Solution:

Run `bundle update nokogiri`
wilsonsilva added a commit to wilsonsilva/grape-embryo that referenced this issue Jul 4, 2016
macdiesel added a commit to openedx/cs_comments_service that referenced this issue Jul 5, 2016
satoryu added a commit to satoryu/longpage that referenced this issue Jul 6, 2016
The security issue is fixed in this version.
See also sparklemotion/nokogiri#1473
teoljungberg added a commit to thoughtbot/administrate that referenced this issue Jul 7, 2016
To quell the CVE:

```
Name: nokogiri
Version: 1.6.7.2
Advisory: CVE-2015-8806
Criticality: Unknown
URL: sparklemotion/nokogiri#1473
Title: Denial of service or RCE from libxml2 and libxslt
Solution: upgrade to >= 1.6.8
```
carvil pushed a commit to alphagov/content-tagger that referenced this issue Jul 20, 2016
This is a security update
sparklemotion/nokogiri#1473

Even though it's only used by capybara to run our test suite we don't
want to see the alerts in our security audit.
c-lliope added a commit to assembleco/colors that referenced this issue Sep 5, 2016
## Problem

`bundle-audit` reported some vulnerabilities:

```
ruby-advisory-db: 273 advisories
Name: actionpack
Version: 4.2.5
Advisory: CVE-2015-7576
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k
Title: Timing attack vulnerability in basic authentication in Action Controller.
Solution: upgrade to ~> 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14, ~> 3.2.22.1

Name: actionpack
Version: 4.2.5
Advisory: CVE-2015-7581
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/dthJ5wL69JE
Title: Object leak vulnerability for wildcard controller routes in Action Pack
Solution: upgrade to >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14

Name: actionpack
Version: 4.2.5
Advisory: CVE-2016-0751
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc
Title: Possible Object Leak and Denial of Service attack in Action Pack
Solution: upgrade to ~> 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14, ~> 3.2.22.1

Name: actionpack
Version: 4.2.5
Advisory: CVE-2016-2098
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/ly-IH-fxr_Q
Title: Possible remote code execution vulnerability in Action Pack
Solution: upgrade to ~> 3.2.22.2, >= 4.2.5.2, ~> 4.2.5, >= 4.1.14.2, ~> 4.1.14

Name: actionview
Version: 4.2.5
Advisory: CVE-2016-0752
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00
Title: Possible Information Leak Vulnerability in Action View
Solution: upgrade to ~> 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14, ~> 3.2.22.1

Name: actionview
Version: 4.2.5
Advisory: CVE-2016-6316
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk
Title: Possible XSS Vulnerability in Action View
Solution: upgrade to ~> 3.2.22.3, ~> 4.2.7.1, >= 5.0.0.1

Name: activemodel
Version: 4.2.5
Advisory: CVE-2016-0753
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/6jQVC1geukQ
Title: Possible Input Validation Circumvention in Active Model
Solution: upgrade to ~> 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14

Name: activerecord
Version: 4.2.5
Advisory: CVE-2015-7577
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g
Title: Nested attributes rejection proc bypass in Active Record
Solution: upgrade to ~> 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14, ~> 3.2.22.1

Name: activerecord
Version: 4.2.5
Advisory: CVE-2016-6317
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/rgO20zYW33s
Title: Unsafe Query Generation Risk in Active Record
Solution: upgrade to ~> 4.2.7.1

Name: nokogiri
Version: 1.6.7
Advisory: CVE-2015-5312
Criticality: High
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s
Title: Nokogiri gem contains several vulnerabilities in libxml2
Solution: upgrade to >= 1.6.7.1

Name: nokogiri
Version: 1.6.7
Advisory: CVE-2015-7499
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM
Title: Nokogiri gem contains a heap-based buffer overflow vulnerability in libxml2
Solution: upgrade to >= 1.6.7.2

Name: nokogiri
Version: 1.6.7
Advisory: CVE-2015-8806
Criticality: Unknown
URL: sparklemotion/nokogiri#1473
Title: Denial of service or RCE from libxml2 and libxslt
Solution: upgrade to >= 1.6.8

Name: rails-html-sanitizer
Version: 1.0.2
Advisory: CVE-2015-7578
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/uh--W4TDwmI
Title: Possible XSS vulnerability in rails-html-sanitizer
Solution: upgrade to ~> 1.0.3

Name: rails-html-sanitizer
Version: 1.0.2
Advisory: CVE-2015-7580
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/uh--W4TDwmI
Title: Possible XSS vulnerability in rails-html-sanitizer
Solution: upgrade to ~> 1.0.3

Vulnerabilities found!
```

## Solution

Update Rails to version 5, along with associated gems.
CloCkWeRX added a commit to CloCkWeRX/OpenFarm that referenced this issue Sep 14, 2016
Version: 1.6.6.1
Advisory: CVE-2015-1819
Criticality: Unknown
URL: sparklemotion/nokogiri#1374
Title: Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
Solution: upgrade to ~> 1.6.6.4, >= 1.6.7.rc4

Name: nokogiri
Version: 1.6.6.1
Advisory: CVE-2015-8806
Criticality: Unknown
URL: sparklemotion/nokogiri#1473
Title: Denial of service or RCE from libxml2 and libxslt
Solution: upgrade to >= 1.6.8

Name: nokogiri
Version: 1.6.6.1
Advisory: CVE-2015-7499
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM
Title: Nokogiri gem contains a heap-based buffer overflow vulnerability in libxml2
Solution: upgrade to >= 1.6.7.2

Name: nokogiri
Version: 1.6.6.1
Advisory: CVE-2015-5312
Criticality: High
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s
Title: Nokogiri gem contains several vulnerabilities in libxml2
Solution: upgrade to >= 1.6.7.1
TanSA05 pushed a commit to TanSA05/OpenFarm that referenced this issue Sep 29, 2016
Version: 1.6.6.1
Advisory: CVE-2015-1819
Criticality: Unknown
URL: sparklemotion/nokogiri#1374
Title: Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
Solution: upgrade to ~> 1.6.6.4, >= 1.6.7.rc4

Name: nokogiri
Version: 1.6.6.1
Advisory: CVE-2015-8806
Criticality: Unknown
URL: sparklemotion/nokogiri#1473
Title: Denial of service or RCE from libxml2 and libxslt
Solution: upgrade to >= 1.6.8

Name: nokogiri
Version: 1.6.6.1
Advisory: CVE-2015-7499
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM
Title: Nokogiri gem contains a heap-based buffer overflow vulnerability in libxml2
Solution: upgrade to >= 1.6.7.2

Name: nokogiri
Version: 1.6.6.1
Advisory: CVE-2015-5312
Criticality: High
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s
Title: Nokogiri gem contains several vulnerabilities in libxml2
Solution: upgrade to >= 1.6.7.1
fwolfst pushed a commit to fwolfst/administrate that referenced this issue Mar 8, 2017
To quell the CVE:

```
Name: nokogiri
Version: 1.6.7.2
Advisory: CVE-2015-8806
Criticality: Unknown
URL: sparklemotion/nokogiri#1473
Title: Denial of service or RCE from libxml2 and libxslt
Solution: upgrade to >= 1.6.8
```
edwardloveall added a commit to rouge-ruby/rouge.jneen.net that referenced this issue May 11, 2017
AdrianCann added a commit to sophomoric/secret that referenced this issue Jul 22, 2017
* Travis is failing because the ruby-advisory-db warning says nokogiri is out
of date and has vulnerabilities.

sparklemotion/nokogiri#1615
sparklemotion/nokogiri#1634
sparklemotion/nokogiri#1473

* Also updated capybara-webkit which uses nokogiri
stanford-online-robot added a commit to Stanford-Online/cs_comments_service that referenced this issue Sep 21, 2017
* origin/master:
  Remove superfluous newlines
  Fix scope syntax
  Revert "Updating bundler on Travis"
  Install newrelic_rpm to < 4.0
  Load app.rb from Rakefile to fix reindex.
  Fix typo in reindex task
  Pin the ES container to the current version we support.
  tests failures, travis cache could be the culprit
  moving docker compose file to .travis dir
  Make the ruby linking error go away.
  Run tests using the es and mongo containers with docker-compose.
  use 16.04 latest docker image for forums
  Add a default response size and a response size limit.
  Add method tracing inside user.
  Inline respec expected values.
  Fix respec tests.
  Remove sort order.
  MA-2139: Mark thread as read on thread and comment creation/update/actions
  Specify an owner
  Add an OEP-2 compliant openedx.yaml file
  Add the ability to request a thread without its responses.
  MA-2678: replace use of 'updated_at' for 'read' state
  Try plucking instead of mapping.
  Don't need to require NR method tracer; we're not tracing any methods.
  Back to what it was.  Faster that way. -_-
  Clean up usages of Mongoid to generate cleaner code / queries.
  Add tracing to #to_hash for Comment/CommentThread.
  Revert "Merge pull request openedx#196 from edx/platform/upgrade-to-ruby23"
  Use proper relations instead of forcefully loading relations by hand.
  Wait 10s after starting ElasticSearch.
  Wait 10s for ES to come online.
  Try waiting 10s for ES to come online.
  Switch to 2.3.0 since that's what rbenv currently supports.
  Upgrade to Ruby 2.3.1
  Switch to using MongoDB 3.0 in tests.
  Add message for rack config load.
  Fix new relic traces.
  Revert "Replaced Tire with elasticsearch-model"
  Updated the Mongoid configuration options
  Update new relic agent and fix.
  Reduced merges, do them in place, and reduce allocations.
  Handle comment context in cases of missing parent thread.
  Upgrade nokogiri to address security issues in libxml2 sparklemotion/nokogiri#1473
  MA-2419: created endpoint to mark thread as read for user
  Replaced Tire with elasticsearch-model
  return thread's last_activity_at in response object for thread endpoints
  jia/MA-1815 retrieve count for child comments
  Update newrelic plugin.
  MA-1930 add thread count in GET
  updating nokogiri
  Updated Commentable API spec
  Partially Cleaned Comment Thread API tests
  Refactored rake tasks
  Removed broken rake tasks
  Updated Query spec
  Updated i18n spec
  Updated Abuse API spec
  Updated Comment API spec
  Added factory_girl
  Organized rake tasks into separate files
  Added binstubs
  Updated spec_helper
  removing version data
  removed in error
  merge conflict
  fixing merge conflict
  update xml lib on top of mongo changes
  Cleaned Content model
  Cleaned Comment model
  Cleaned CommentThread model
  Re-organized Elasticsearch and DatabaseCleaner rspec configuration
  Running MongoDB and Elasticsearch as daemons
  Added rspec rake task
  Added Codecov coverage tracking
  Updated README
  Ignoring JetBrains artifacts
  Replaced .rvmrc with .ruby-version and .ruby-gemset
  Add Clinton Blackburn as an author
  Caching bundler dependencies
  Updating bundler on Travis
  generated new Gemfile.lock using the version of bundler that is preferred by edx dev-ops
  Upgrade Mongoid to 5.x release
  jia/MA-1748 update read states for users
  MA-1742; return read status on GET thread for user_id provided
  MA-1190;Thread PUT -  update thread read status
  Increased timeout back to 20s. Added relevant docstring
  MA-1189 ThreadGET - added recursive bool field to optionally include response comments
  MA-1359 returned resp_total for existing question and new thread
  changed timeout to 6 seconds
  Added last_activity_at index
havenwood added a commit to havenwood/connect-api-examples that referenced this issue Dec 7, 2017
Name: actionview
Version: 4.2.6
Advisory: CVE-2016-6316
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk
Title: Possible XSS Vulnerability in Action View
Solution: upgrade to ~> 4.2.7.1, ~> 4.2.8, >= 5.0.0.1

Name: activerecord
Version: 4.2.6
Advisory: CVE-2016-6317
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/rgO20zYW33s
Title: Unsafe Query Generation Risk in Active Record
Solution: upgrade to >= 4.2.7.1

Name: nokogiri
Version: 1.6.7.2
Advisory: CVE-2017-9050
URL: sparklemotion/nokogiri#1673
Title: Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
Solution: upgrade to >= 1.8.1

Name: nokogiri
Version: 1.6.7.2
Advisory: CVE-2016-4658
URL: sparklemotion/nokogiri#1615
Title: Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
Solution: upgrade to >= 1.7.1

Name: nokogiri
Version: 1.6.7.2
Advisory: CVE-2015-8806
URL: sparklemotion/nokogiri#1473
Title: Denial of service or RCE from libxml2 and libxslt
Solution: upgrade to >= 1.6.8

Name: nokogiri
Version: 1.6.7.2
Advisory: CVE-2017-5029
URL: sparklemotion/nokogiri#1634
Title: Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29
Solution: upgrade to >= 1.7.2
stanford-online-robot added a commit to Stanford-Online/cs_comments_service that referenced this issue Apr 12, 2019
* origin/rc: (129 commits)
  NewRelic as optional dependency
  Add error handling around Elasticsearch update/delete.
  fix
  TLS for forums + NR agent update + ignore heartbeat
  add newrelic include
  Fix
  Dont
  Blank out comment thread documents as well as comment documents. Change the text used to replace the content. Ensure that comments are processed in tests.
  Handle non-existent user and missing param upon retiring user.
  Shift from deprecated should to expect syntax.
  Add user retirement API endpoint to remove forum post content.
  Add ability to change author_username in content.
  try fix?
  Fix typo in dockerhub repo name
  EDUCATOR-1912 | Upgrade yajl-ruby to 1.3.1
  Update flagged API call to match will_paginate version
  EDUCATOR-162 | Pin activemodel to 4.2.8 in Gemfile.
  EDUCATOR-232 | Upgrade nokogiri to 1.8.1
  Fix logging errors
  Fix logging errors
  EDUCATOR-313: Bump ruby to 2.4.1; Use latest newrelic_rpm package;  Add test-forum docker-compose service.
  Fixed issues with app.rb require
  Update image reference for Travis
  Add support for Elasticsearch 1.5.2
  Remove superfluous newlines
  Fix scope syntax
  Revert "Updating bundler on Travis"
  Remove trace_execution_scoped blocks
  Add logging of LoadError in relation to missing NewRelic module
  Wrap newrelic calls in a rescue block
  Update development db to match others.
  We're using 3.0.14 in prod, test with that
  Install newrelic_rpm to < 4.0
  Install newrelic_rpm to < 4.0
  Enhance logging.
  Verify that ES is configured properly before starting
  Adjust and add search rake tasks.
  Minor changes to rebuild_index.
  Better filtering for rake search:initialize behavior
  Partially updated Search API spec
  Replaced Tire with elasticsearch-model
  Load app.rb from Rakefile to fix reindex.
  Fix typo in reindex task
  Load app.rb from Rakefile to fix reindex.
  Fix typo in reindex task
  Pin the ES container to the current version we support.
  tests failures, travis cache could be the culprit
  moving docker compose file to .travis dir
  Make the ruby linking error go away.
  Run tests using the es and mongo containers with docker-compose.
  use 16.04 latest docker image for forums
  Add a default response size and a response size limit.
  Add method tracing inside user.
  Inline respec expected values.
  Fix respec tests.
  Remove sort order.
  MA-2139: Mark thread as read on thread and comment creation/update/actions
  Specify an owner
  Add an OEP-2 compliant openedx.yaml file
  Add the ability to request a thread without its responses.
  MA-2678: replace use of 'updated_at' for 'read' state
  Try plucking instead of mapping.
  Don't need to require NR method tracer; we're not tracing any methods.
  Back to what it was.  Faster that way. -_-
  Clean up usages of Mongoid to generate cleaner code / queries.
  Add tracing to #to_hash for Comment/CommentThread.
  Revert "Merge pull request openedx#196 from edx/platform/upgrade-to-ruby23"
  Use proper relations instead of forcefully loading relations by hand.
  Wait 10s after starting ElasticSearch.
  Wait 10s for ES to come online.
  Try waiting 10s for ES to come online.
  Switch to 2.3.0 since that's what rbenv currently supports.
  Upgrade to Ruby 2.3.1
  Switch to using MongoDB 3.0 in tests.
  Add message for rack config load.
  Fix new relic traces.
  Revert "Replaced Tire with elasticsearch-model"
  Updated the Mongoid configuration options
  Update new relic agent and fix.
  Reduced merges, do them in place, and reduce allocations.
  Handle comment context in cases of missing parent thread.
  Upgrade nokogiri to address security issues in libxml2 sparklemotion/nokogiri#1473
  MA-2419: created endpoint to mark thread as read for user
  Replaced Tire with elasticsearch-model
  return thread's last_activity_at in response object for thread endpoints
  jia/MA-1815 retrieve count for child comments
  Update newrelic plugin.
  MA-1930 add thread count in GET
  updating nokogiri
  Updated Commentable API spec
  Partially Cleaned Comment Thread API tests
  Refactored rake tasks
  Removed broken rake tasks
  Updated Query spec
  Updated i18n spec
  Updated Abuse API spec
  Updated Comment API spec
  Added factory_girl
  Organized rake tasks into separate files
  Added binstubs
  ...
svqualitydev pushed a commit to svqualitydev/admin-cms that referenced this issue Dec 16, 2019
To quell the CVE:

```
Name: nokogiri
Version: 1.6.7.2
Advisory: CVE-2015-8806
Criticality: Unknown
URL: sparklemotion/nokogiri#1473
Title: Denial of service or RCE from libxml2 and libxslt
Solution: upgrade to >= 1.6.8
```
KingTiger001 added a commit to KingTiger001/admin-Rails-project that referenced this issue Jan 15, 2023
To quell the CVE:

```
Name: nokogiri
Version: 1.6.7.2
Advisory: CVE-2015-8806
Criticality: Unknown
URL: sparklemotion/nokogiri#1473
Title: Denial of service or RCE from libxml2 and libxslt
Solution: upgrade to >= 1.6.8
```
couponsdiscountspromocodesdiscounts added a commit to couponsdiscountspromocodesdiscounts/administrate that referenced this issue Aug 16, 2024
To quell the CVE:

```
Name: nokogiri
Version: 1.6.7.2
Advisory: CVE-2015-8806
Criticality: Unknown
URL: sparklemotion/nokogiri#1473
Title: Denial of service or RCE from libxml2 and libxslt
Solution: upgrade to >= 1.6.8
```