Bump json gem to a safe version for CVE-2013-0269, CVE-2013-0333

2013-02-12 12:49:00 +01:00 · 2013-02-12 12:49:00 +01:00 · 6d3dc6e619
parent 0b567641bc
commit 6d3dc6e619
2 changed files with 5 additions and 0 deletions
--- a/1
+++ b/1
@ -3,6 +3,7 @@ source :rubygems

 gem "rails", "2.3.17"

+gem "json", "~> 1.7.7"
 gem "coderay", "~> 1.0.0"
 gem "i18n", "~> 0.4.2"
 gem "rubytree", "~> 0.5.2", :require => 'tree'
--- a/config/initializers/10-patches.rb
+++ b/config/initializers/10-patches.rb
@ -212,3 +212,7 @@ module ActionView::Helpers::TagHelper
    ActiveSupport::Multibyte.clean(html.to_s).gsub(/[\"\'><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] }
  end
 end
+
+# Workaround for CVE-2013-0333
+# https://groups.google.com/forum/?fromgroups=#!msg/rubyonrails-security/1h2DR63ViGo/GOUVafeaF1IJ
+ActiveSupport::JSON.backend = "JSONGem"