Explicitly require Nokogiri 1.6.7.1 due to security issue

Name: nokogiri Version: 1.6.7 Advisory: CVE-2015-5312 Criticality: High URL: https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s Title: Nokogiri gem contains several vulnerabilities in libxml2 Solution: upgrade to >= 1.6.7.1

Explicitly require Nokogiri 1.6.7.1 due to security issue
Name: nokogiri Version: 1.6.7 Advisory: CVE-2015-5312 Criticality: High URL: https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s Title: Nokogiri gem contains several vulnerabilities in libxml2 Solution: upgrade to >= 1.6.7.1
e5e44057 · Robert Speicher · 22e65944 · e5e44057 · e5e44057
隐藏空白更改
内联并排

Showing with 5 addition and 1 deletion

Gemfile Gemfile +3 -0

Gemfile.lock Gemfile.lock +2 -1

未找到文件。
--- a/Gemfile
+++ b/Gemfile
@@ -101,6 +101,9 @@ gem 'wikicloth',     '0.8.1'
 gem 'asciidoctor',   '~> 1.5.2'
 gem 'rouge',         '~> 1.10.1'

+# See https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s
+gem 'nokogiri', '1.6.7.1'
+
 # Diffs
 gem 'diffy', '~> 3.0.3'


--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -420,7 +420,7 @@ GEM
      grape
      newrelic_rpm
    newrelic_rpm (3.9.4.245)
-    nokogiri (1.6.7)
+    nokogiri (1.6.7.1)
      mini_portile2 (~> 2.0.0.rc2)
    nprogress-rails (0.1.6.7)
    oauth (0.4.7)
@@ -888,6 +888,7 @@ DEPENDENCIES
  net-ssh (~> 3.0.1)
  newrelic-grape
  newrelic_rpm (~> 3.9.4.245)
+  nokogiri (= 1.6.7.1)
  nprogress-rails (~> 0.1.6.7)
  oauth2 (~> 1.0.0)
  octokit (~> 3.7.0)