diff --git a/Gemfile b/Gemfile
index d62e3032..af1049e4 100644
--- a/Gemfile
+++ b/Gemfile
@@ -3,6 +3,7 @@ source :rubygems
 gem "rails", "2.3.17"
+gem "json", "~> 1.7.7"
 gem "coderay", "~> 1.0.0"
 gem "i18n", "~> 0.4.2"
 gem "rubytree", "~> 0.5.2", :require => 'tree'
diff --git a/config/initializers/10-patches.rb b/config/initializers/10-patches.rb
index 45a4371d..1ad5a3ee 100644
--- a/config/initializers/10-patches.rb
+++ b/config/initializers/10-patches.rb
@@ -212,3 +212,7 @@ module ActionView::Helpers::TagHelper
 ActiveSupport::Multibyte.clean(html.to_s).gsub(/[\"\'><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] }
 end
 end
+
+# Workaround for CVE-2013-0333
+# https://groups.google.com/forum/?fromgroups=#!msg/rubyonrails-security/1h2DR63ViGo/GOUVafeaF1IJ
+ActiveSupport::JSON.backend = "JSONGem"
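Review bot: The new comment above `ActiveSupport::JSON.backend = "JSONGem"` names the CVE but not what the backend switch actually prevents, so a later maintainer cannot tell when it is safe to remove; I would extend it to `# Force the JSON gem backend so ActiveSupport::JSON.decode never falls back to the YAML-based parser (CVE-2013-0333); see the advisory linked below.` The Gemfile hunk pins rails 2.3.17, which I believe already carries the upstream fix for this CVE — if that is confirmed, say in the comment that this line is defence in depth rather than the only protection. The assignment also depends on the `json` gem added in the Gemfile hunk being loadable when `config/initializers` runs; if the gem is absent the assignment presumably raises at boot, so confirm that loud failure is the intended behaviour rather than a silent fallback to the previous backend.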