Commit 148f73499486ae96d04b0d232c4185b28502054e

Authored by Nathan Broadbent
2 parents b142a86a c6ca6461
Exists in master and in 1 other branch production

Merge pull request #353 from cheald/master

Upgrade to Rails 3.2.11 with backstop patches for CVE-2013-0156
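--- a/Gemfile
+++ b/Gemfile
@@ -1,6 +1,6 @@
 source 'http://rubygems.org'
 
-gem 'rails', '3.2.8'
+gem 'rails', '3.2.11'
 gem 'mongoid', '~> 2.4.10'
 gem 'mongoid_rails_migrations'
 gem 'devise', '~> 1.5.3'
@@ -107,6 +107,4 @@ group :assets do
 gem 'therubyracer', :platform => :ruby # C Ruby (MRI) or Rubinius, but NOT Windows
 gem 'uglifier', '>= 1.0.3'
 gem 'underscore-rails'
-end
-
-gem 'turbo-sprockets-rails3'
+end
\ No newline at end of file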
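--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -9,35 +9,35 @@ GEM
 remote: http://rubygems.org/
 specs:
 SystemTimer (1.2.3)
- actionmailer (3.2.8)
- actionpack (= 3.2.8)
+ actionmailer (3.2.11)
+ actionpack (= 3.2.11)
 mail (~> 2.4.4)
 actionmailer_inline_css (1.3.1)
 actionmailer (>= 3.0.0)
 nokogiri (>= 1.4.4)
 premailer (>= 1.7.1)
- actionpack (3.2.8)
- activemodel (= 3.2.8)
- activesupport (= 3.2.8)
+ actionpack (3.2.11)
+ activemodel (= 3.2.11)
+ activesupport (= 3.2.11)
 builder (~> 3.0.0)
 erubis (~> 2.7.0)
 journey (~> 1.0.4)
 rack (~> 1.4.0)
 rack-cache (~> 1.2)
 rack-test (~> 0.6.1)
- sprockets (~> 2.1.3)
- activemodel (3.2.8)
- activesupport (= 3.2.8)
+ sprockets (~> 2.2.1)
+ activemodel (3.2.11)
+ activesupport (= 3.2.11)
 builder (~> 3.0.0)
- activerecord (3.2.8)
- activemodel (= 3.2.8)
- activesupport (= 3.2.8)
+ activerecord (3.2.11)
+ activemodel (= 3.2.11)
+ activesupport (= 3.2.11)
 arel (~> 3.0.2)
 tzinfo (~> 0.3.29)
- activeresource (3.2.8)
- activemodel (= 3.2.8)
- activesupport (= 3.2.8)
- activesupport (3.2.8)
+ activeresource (3.2.11)
+ activemodel (= 3.2.11)
+ activesupport (= 3.2.11)
+ activesupport (3.2.11)
 i18n (~> 0.6)
 multi_json (~> 1.0)
 addressable (2.3.2)
@@ -131,7 +131,7 @@ GEM
 has_scope (~> 0.5.0)
 responders (~> 0.6)
 journey (1.0.4)
- json (1.7.5)
+ json (1.7.6)
 jwt (0.1.5)
 multi_json (>= 1.0)
 kaminari (0.14.1)
@@ -166,7 +166,7 @@ GEM
 bundler (>= 1.0.0)
 rails (>= 3.0.0)
 railties (>= 3.0.0)
- multi_json (1.3.6)
+ multi_json (1.5.0)
 multi_xml (0.5.1)
 multipart-post (1.1.5)
 net-scp (1.0.4)
@@ -220,7 +220,7 @@ GEM
 slop (>= 2.4.4, < 3)
 pry-rails (0.2.0)
 pry
- rack (1.4.1)
+ rack (1.4.3)
 rack-cache (1.2)
 rack (>= 0.4)
 rack-ssl (1.3.2)
@@ -228,25 +228,25 @@ GEM
 rack-ssl-enforcer (0.2.4)
 rack-test (0.6.2)
 rack (>= 1.0)
- rails (3.2.8)
- actionmailer (= 3.2.8)
- actionpack (= 3.2.8)
- activerecord (= 3.2.8)
- activeresource (= 3.2.8)
- activesupport (= 3.2.8)
+ rails (3.2.11)
+ actionmailer (= 3.2.11)
+ actionpack (= 3.2.11)
+ activerecord (= 3.2.11)
+ activeresource (= 3.2.11)
+ activesupport (= 3.2.11)
 bundler (~> 1.0)
- railties (= 3.2.8)
+ railties (= 3.2.11)
 rails_autolink (1.0.9)
 rails (~> 3.1)
- railties (3.2.8)
- actionpack (= 3.2.8)
- activesupport (= 3.2.8)
+ railties (3.2.11)
+ actionpack (= 3.2.11)
+ activesupport (= 3.2.11)
 rack-ssl (~> 1.3.2)
 rake (>= 0.8.7)
 rdoc (~> 3.4)
 thor (>= 0.14.6, < 2.0)
 raindrops (0.10.0)
- rake (0.9.2.2)
+ rake (10.0.3)
 rbx-require-relative (0.0.9)
 rdoc (3.12)
 json (~> 1.4)
@@ -286,8 +286,9 @@ GEM
 rubyzip
 simple_oauth (0.1.9)
 slop (2.4.4)
- sprockets (2.1.3)
+ sprockets (2.2.2)
 hike (~> 1.2)
+ multi_json (~> 1.0)
 rack (~> 1.0)
 tilt (~> 1.1, != 1.3.0)
 therubyracer (0.10.2)
@@ -299,13 +300,10 @@ GEM
 thor (0.16.0)
 tilt (1.3.3)
 timecop (0.3.5)
- treetop (1.4.10)
+ treetop (1.4.12)
 polyglot
 polyglot (>= 0.3.1)
- turbo-sprockets-rails3 (0.2.12)
- railties (>= 3.1.0, < 3.2.9)
- sprockets (>= 2.0.0)
- tzinfo (0.3.33)
+ tzinfo (0.3.35)
 uglifier (1.2.7)
 execjs (>= 0.3.0)
 multi_json (~> 1.3)
@@ -364,7 +362,7 @@ DEPENDENCIES
 pry-rails
 rack-ssl
 rack-ssl-enforcer
- rails (= 3.2.8)
+ rails (= 3.2.11)
 rails_autolink (~> 1.0.9)
 ri_cal
 rspec-rails (~> 2.6)
@@ -374,7 +372,6 @@ DEPENDENCIES
 therubyracer
 thin
 timecop
- turbo-sprockets-rails3
 uglifier (>= 1.0.3)
 underscore-rails
 unicorn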
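--- a/config/initializers/cve-2013-0156.rb
+++ b/config/initializers/cve-2013-0156.rb
@@ -0,0 +1,3 @@
+ActionDispatch::ParamsParser::DEFAULT_PARSERS.delete(Mime::YAML)
+ActiveSupport::XmlMini::PARSING.delete("symbol")
+ActiveSupport::XmlMini::PARSING.delete("yaml")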
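Review bot: The three deletes in config/initializers/cve-2013-0156.rb have no comment saying what they disable or when they can be removed, so a later maintainer cannot tell a deliberate security backstop from leftover code. I would open the file with `# CVE-2013-0156 backstop: keep YAML out of request parsing and drop the XML "symbol"/"yaml" typecasts, so parameters are never deserialized into Ruby objects.` and a second line stating that the Rails 3.2.11 upgrade in the same commit is the primary fix. If I remember the 3.2 defaults correctly, `DEFAULT_PARSERS` only registers XML and JSON, which would make the first delete a no-op kept for defence in depth; the comment should say so once confirmed. A small spec asserting that `ActiveSupport::XmlMini::PARSING.key?("yaml")` and `.key?("symbol")` are false would catch the initializer being dropped or renamed in a later cleanup.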