Bump json gem to a safe version for CVE-2013-0269, CVE-2013-0333

2013-02-12 12:49:00 +01:00 · 2013-02-12 12:49:00 +01:00 · 3265c3faaa
parent 296db9272c
commit 3265c3faaa
2 changed files with 5 additions and 0 deletions
--- a/1
+++ b/1
@ -2,6 +2,7 @@ source :rubygems

 gem "rails", "2.3.17"

+gem "json", "~> 1.7.7"
 gem "coderay", "~> 0.9.7"
 gem "i18n", "~> 0.4.2"
 gem "rubytree", "~> 0.5.2", :require => 'tree'
--- a/config/initializers/10-patches.rb
+++ b/config/initializers/10-patches.rb
@ -165,3 +165,7 @@ module ActionView::Helpers::TagHelper
    ActiveSupport::Multibyte.clean(html.to_s).gsub(/[\"\'><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] }
  end
 end
+
+# Workaround for CVE-2013-0333
+# https://groups.google.com/forum/?fromgroups=#!msg/rubyonrails-security/1h2DR63ViGo/GOUVafeaF1IJ
+ActiveSupport::JSON.backend = "JSONGem"