Bump json gem to a safe version for CVE-2013-0269, CVE-2013-0333
This commit is contained in:
parent
296db9272c
commit
3265c3faaa
1
Gemfile
1
Gemfile
|
@ -2,6 +2,7 @@ source :rubygems
|
|||
|
||||
gem "rails", "2.3.17"
|
||||
|
||||
gem "json", "~> 1.7.7"
|
||||
gem "coderay", "~> 0.9.7"
|
||||
gem "i18n", "~> 0.4.2"
|
||||
gem "rubytree", "~> 0.5.2", :require => 'tree'
|
||||
|
|
|
@ -165,3 +165,7 @@ module ActionView::Helpers::TagHelper
|
|||
ActiveSupport::Multibyte.clean(html.to_s).gsub(/[\"\'><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] }
|
||||
end
|
||||
end
|
||||
|
||||
# Workaround for CVE-2013-0333
|
||||
# https://groups.google.com/forum/?fromgroups=#!msg/rubyonrails-security/1h2DR63ViGo/GOUVafeaF1IJ
|
||||
ActiveSupport::JSON.backend = "JSONGem"
|
||||
|
|
Loading…
Reference in New Issue