Merge pull request #353 from cheald/master

Upgrade to Rails 3.2.11 with backstop patches for CVE-2013-0156

Merge pull request #353 from cheald/master
Upgrade to Rails 3.2.11 with backstop patches for CVE-2013-0156
Nathan Broadbent
2 parents b142a86a c6ca6461
Showing 3 changed files with 39 additions and 41 deletions Show diff stats
Gemfile
Gemfile.lock
config/initializers/cve-2013-0156.rb
 source 'http://rubygems.org'
  
-gem 'rails', '3.2.8'
+gem 'rails', '3.2.11'
 gem 'mongoid', '~> 2.4.10'
 gem 'mongoid_rails_migrations'
 gem 'devise', '~> 1.5.3'
@@ -107,6 +107,4 @@ group :assets do
   gem 'therubyracer', :platform => :ruby  # C Ruby (MRI) or Rubinius, but NOT Windows
   gem 'uglifier',     '>= 1.0.3'
   gem 'underscore-rails'
-end
-
-gem 'turbo-sprockets-rails3'
+end
 \ No newline at end of file
@@ -9,35 +9,35 @@ GEM
   remote: http://rubygems.org/
   specs:
     SystemTimer (1.2.3)
-    actionmailer (3.2.8)
-      actionpack (= 3.2.8)
+    actionmailer (3.2.11)
+      actionpack (= 3.2.11)
       mail (~> 2.4.4)
     actionmailer_inline_css (1.3.1)
       actionmailer (>= 3.0.0)
       nokogiri (>= 1.4.4)
       premailer (>= 1.7.1)
-    actionpack (3.2.8)
-      activemodel (= 3.2.8)
-      activesupport (= 3.2.8)
+    actionpack (3.2.11)
+      activemodel (= 3.2.11)
+      activesupport (= 3.2.11)
       builder (~> 3.0.0)
       erubis (~> 2.7.0)
       journey (~> 1.0.4)
       rack (~> 1.4.0)
       rack-cache (~> 1.2)
       rack-test (~> 0.6.1)
-      sprockets (~> 2.1.3)
-    activemodel (3.2.8)
-      activesupport (= 3.2.8)
+      sprockets (~> 2.2.1)
+    activemodel (3.2.11)
+      activesupport (= 3.2.11)
       builder (~> 3.0.0)
-    activerecord (3.2.8)
-      activemodel (= 3.2.8)
-      activesupport (= 3.2.8)
+    activerecord (3.2.11)
+      activemodel (= 3.2.11)
+      activesupport (= 3.2.11)
       arel (~> 3.0.2)
       tzinfo (~> 0.3.29)
-    activeresource (3.2.8)
-      activemodel (= 3.2.8)
-      activesupport (= 3.2.8)
-    activesupport (3.2.8)
+    activeresource (3.2.11)
+      activemodel (= 3.2.11)
+      activesupport (= 3.2.11)
+    activesupport (3.2.11)
       i18n (~> 0.6)
       multi_json (~> 1.0)
     addressable (2.3.2)
@@ -131,7 +131,7 @@ GEM
       has_scope (~> 0.5.0)
       responders (~> 0.6)
     journey (1.0.4)
-    json (1.7.5)
+    json (1.7.6)
     jwt (0.1.5)
       multi_json (>= 1.0)
     kaminari (0.14.1)
@@ -166,7 +166,7 @@ GEM
       bundler (>= 1.0.0)
       rails (>= 3.0.0)
       railties (>= 3.0.0)
-    multi_json (1.3.6)
+    multi_json (1.5.0)
     multi_xml (0.5.1)
     multipart-post (1.1.5)
     net-scp (1.0.4)
@@ -220,7 +220,7 @@ GEM
       slop (>= 2.4.4, < 3)
     pry-rails (0.2.0)
       pry
-    rack (1.4.1)
+    rack (1.4.3)
     rack-cache (1.2)
       rack (>= 0.4)
     rack-ssl (1.3.2)
@@ -228,25 +228,25 @@ GEM
     rack-ssl-enforcer (0.2.4)
     rack-test (0.6.2)
       rack (>= 1.0)
-    rails (3.2.8)
-      actionmailer (= 3.2.8)
-      actionpack (= 3.2.8)
-      activerecord (= 3.2.8)
-      activeresource (= 3.2.8)
-      activesupport (= 3.2.8)
+    rails (3.2.11)
+      actionmailer (= 3.2.11)
+      actionpack (= 3.2.11)
+      activerecord (= 3.2.11)
+      activeresource (= 3.2.11)
+      activesupport (= 3.2.11)
       bundler (~> 1.0)
-      railties (= 3.2.8)
+      railties (= 3.2.11)
     rails_autolink (1.0.9)
       rails (~> 3.1)
-    railties (3.2.8)
-      actionpack (= 3.2.8)
-      activesupport (= 3.2.8)
+    railties (3.2.11)
+      actionpack (= 3.2.11)
+      activesupport (= 3.2.11)
       rack-ssl (~> 1.3.2)
       rake (>= 0.8.7)
       rdoc (~> 3.4)
       thor (>= 0.14.6, < 2.0)
     raindrops (0.10.0)
-    rake (0.9.2.2)
+    rake (10.0.3)
     rbx-require-relative (0.0.9)
     rdoc (3.12)
       json (~> 1.4)
@@ -286,8 +286,9 @@ GEM
       rubyzip
     simple_oauth (0.1.9)
     slop (2.4.4)
-    sprockets (2.1.3)
+    sprockets (2.2.2)
       hike (~> 1.2)
+      multi_json (~> 1.0)
       rack (~> 1.0)
       tilt (~> 1.1, != 1.3.0)
     therubyracer (0.10.2)
@@ -299,13 +300,10 @@ GEM
     thor (0.16.0)
     tilt (1.3.3)
     timecop (0.3.5)
-    treetop (1.4.10)
+    treetop (1.4.12)
       polyglot
       polyglot (>= 0.3.1)
-    turbo-sprockets-rails3 (0.2.12)
-      railties (>= 3.1.0, < 3.2.9)
-      sprockets (>= 2.0.0)
-    tzinfo (0.3.33)
+    tzinfo (0.3.35)
     uglifier (1.2.7)
       execjs (>= 0.3.0)
       multi_json (~> 1.3)
@@ -364,7 +362,7 @@ DEPENDENCIES
   pry-rails
   rack-ssl
   rack-ssl-enforcer
-  rails (= 3.2.8)
+  rails (= 3.2.11)
   rails_autolink (~> 1.0.9)
   ri_cal
   rspec-rails (~> 2.6)
@@ -374,7 +372,6 @@ DEPENDENCIES
   therubyracer
   thin
   timecop
-  turbo-sprockets-rails3
   uglifier (>= 1.0.3)
   underscore-rails
   unicorn
@@ -0,0 +1,3 @@
+ActionDispatch::ParamsParser::DEFAULT_PARSERS.delete(Mime::YAML)
+ActiveSupport::XmlMini::PARSING.delete("symbol") 
+ActiveSupport::XmlMini::PARSING.delete("yaml")
1	1	source 'http://rubygems.org'
2	2
3		-gem 'rails', '3.2.8'
	3	+gem 'rails', '3.2.11'
4	4	gem 'mongoid', '~> 2.4.10'
5	5	gem 'mongoid_rails_migrations'
6	6	gem 'devise', '~> 1.5.3'
...	...	@@ -107,6 +107,4 @@ group :assets do
107	107	gem 'therubyracer', :platform => :ruby # C Ruby (MRI) or Rubinius, but NOT Windows
108	108	gem 'uglifier', '>= 1.0.3'
109	109	gem 'underscore-rails'
110		-end
111		-
112		-gem 'turbo-sprockets-rails3'
	110	+end
113	111	\ No newline at end of file
...	...
...	...	@@ -9,35 +9,35 @@ GEM
9	9	remote: http://rubygems.org/
10	10	specs:
11	11	SystemTimer (1.2.3)
12		- actionmailer (3.2.8)
13		- actionpack (= 3.2.8)
	12	+ actionmailer (3.2.11)
	13	+ actionpack (= 3.2.11)
14	14	mail (~> 2.4.4)
15	15	actionmailer_inline_css (1.3.1)
16	16	actionmailer (>= 3.0.0)
17	17	nokogiri (>= 1.4.4)
18	18	premailer (>= 1.7.1)
19		- actionpack (3.2.8)
20		- activemodel (= 3.2.8)
21		- activesupport (= 3.2.8)
	19	+ actionpack (3.2.11)
	20	+ activemodel (= 3.2.11)
	21	+ activesupport (= 3.2.11)
22	22	builder (~> 3.0.0)
23	23	erubis (~> 2.7.0)
24	24	journey (~> 1.0.4)
25	25	rack (~> 1.4.0)
26	26	rack-cache (~> 1.2)
27	27	rack-test (~> 0.6.1)
28		- sprockets (~> 2.1.3)
29		- activemodel (3.2.8)
30		- activesupport (= 3.2.8)
	28	+ sprockets (~> 2.2.1)
	29	+ activemodel (3.2.11)
	30	+ activesupport (= 3.2.11)
31	31	builder (~> 3.0.0)
32		- activerecord (3.2.8)
33		- activemodel (= 3.2.8)
34		- activesupport (= 3.2.8)
	32	+ activerecord (3.2.11)
	33	+ activemodel (= 3.2.11)
	34	+ activesupport (= 3.2.11)
35	35	arel (~> 3.0.2)
36	36	tzinfo (~> 0.3.29)
37		- activeresource (3.2.8)
38		- activemodel (= 3.2.8)
39		- activesupport (= 3.2.8)
40		- activesupport (3.2.8)
	37	+ activeresource (3.2.11)
	38	+ activemodel (= 3.2.11)
	39	+ activesupport (= 3.2.11)
	40	+ activesupport (3.2.11)
41	41	i18n (~> 0.6)
42	42	multi_json (~> 1.0)
43	43	addressable (2.3.2)
...	...	@@ -131,7 +131,7 @@ GEM
131	131	has_scope (~> 0.5.0)
132	132	responders (~> 0.6)
133	133	journey (1.0.4)
134		- json (1.7.5)
	134	+ json (1.7.6)
135	135	jwt (0.1.5)
136	136	multi_json (>= 1.0)
137	137	kaminari (0.14.1)
...	...	@@ -166,7 +166,7 @@ GEM
166	166	bundler (>= 1.0.0)
167	167	rails (>= 3.0.0)
168	168	railties (>= 3.0.0)
169		- multi_json (1.3.6)
	169	+ multi_json (1.5.0)
170	170	multi_xml (0.5.1)
171	171	multipart-post (1.1.5)
172	172	net-scp (1.0.4)
...	...	@@ -220,7 +220,7 @@ GEM
220	220	slop (>= 2.4.4, < 3)
221	221	pry-rails (0.2.0)
222	222	pry
223		- rack (1.4.1)
	223	+ rack (1.4.3)
224	224	rack-cache (1.2)
225	225	rack (>= 0.4)
226	226	rack-ssl (1.3.2)
...	...	@@ -228,25 +228,25 @@ GEM
228	228	rack-ssl-enforcer (0.2.4)
229	229	rack-test (0.6.2)
230	230	rack (>= 1.0)
231		- rails (3.2.8)
232		- actionmailer (= 3.2.8)
233		- actionpack (= 3.2.8)
234		- activerecord (= 3.2.8)
235		- activeresource (= 3.2.8)
236		- activesupport (= 3.2.8)
	231	+ rails (3.2.11)
	232	+ actionmailer (= 3.2.11)
	233	+ actionpack (= 3.2.11)
	234	+ activerecord (= 3.2.11)
	235	+ activeresource (= 3.2.11)
	236	+ activesupport (= 3.2.11)
237	237	bundler (~> 1.0)
238		- railties (= 3.2.8)
	238	+ railties (= 3.2.11)
239	239	rails_autolink (1.0.9)
240	240	rails (~> 3.1)
241		- railties (3.2.8)
242		- actionpack (= 3.2.8)
243		- activesupport (= 3.2.8)
	241	+ railties (3.2.11)
	242	+ actionpack (= 3.2.11)
	243	+ activesupport (= 3.2.11)
244	244	rack-ssl (~> 1.3.2)
245	245	rake (>= 0.8.7)
246	246	rdoc (~> 3.4)
247	247	thor (>= 0.14.6, < 2.0)
248	248	raindrops (0.10.0)
249		- rake (0.9.2.2)
	249	+ rake (10.0.3)
250	250	rbx-require-relative (0.0.9)
251	251	rdoc (3.12)
252	252	json (~> 1.4)
...	...	@@ -286,8 +286,9 @@ GEM
286	286	rubyzip
287	287	simple_oauth (0.1.9)
288	288	slop (2.4.4)
289		- sprockets (2.1.3)
	289	+ sprockets (2.2.2)
290	290	hike (~> 1.2)
	291	+ multi_json (~> 1.0)
291	292	rack (~> 1.0)
292	293	tilt (~> 1.1, != 1.3.0)
293	294	therubyracer (0.10.2)
...	...	@@ -299,13 +300,10 @@ GEM
299	300	thor (0.16.0)
300	301	tilt (1.3.3)
301	302	timecop (0.3.5)
302		- treetop (1.4.10)
	303	+ treetop (1.4.12)
303	304	polyglot
304	305	polyglot (>= 0.3.1)
305		- turbo-sprockets-rails3 (0.2.12)
306		- railties (>= 3.1.0, < 3.2.9)
307		- sprockets (>= 2.0.0)
308		- tzinfo (0.3.33)
	306	+ tzinfo (0.3.35)
309	307	uglifier (1.2.7)
310	308	execjs (>= 0.3.0)
311	309	multi_json (~> 1.3)
...	...	@@ -364,7 +362,7 @@ DEPENDENCIES
364	362	pry-rails
365	363	rack-ssl
366	364	rack-ssl-enforcer
367		- rails (= 3.2.8)
	365	+ rails (= 3.2.11)
368	366	rails_autolink (~> 1.0.9)
369	367	ri_cal
370	368	rspec-rails (~> 2.6)
...	...	@@ -374,7 +372,6 @@ DEPENDENCIES
374	372	therubyracer
375	373	thin
376	374	timecop
377		- turbo-sprockets-rails3
378	375	uglifier (>= 1.0.3)
379	376	underscore-rails
380	377	unicorn
...	...
...	...	@@ -0,0 +1,3 @@
	1	+ActionDispatch::ParamsParser::DEFAULT_PARSERS.delete(Mime::YAML)
	2	+ActiveSupport::XmlMini::PARSING.delete("symbol")
	3	+ActiveSupport::XmlMini::PARSING.delete("yaml")
...	...