Commit 148f73499486ae96d04b0d232c4185b28502054e

Authored by Nathan Broadbent
2 parents b142a86a c6ca6461
Exists in master and in 1 other branch production

Merge pull request #353 from cheald/master

Upgrade to Rails 3.2.11 with backstop patches for CVE-2013-0156
1 source 'http://rubygems.org' 1 source 'http://rubygems.org'
2 2
3 -gem 'rails', '3.2.8' 3 +gem 'rails', '3.2.11'
4 gem 'mongoid', '~> 2.4.10' 4 gem 'mongoid', '~> 2.4.10'
5 gem 'mongoid_rails_migrations' 5 gem 'mongoid_rails_migrations'
6 gem 'devise', '~> 1.5.3' 6 gem 'devise', '~> 1.5.3'
@@ -107,6 +107,4 @@ group :assets do @@ -107,6 +107,4 @@ group :assets do
107 gem 'therubyracer', :platform => :ruby # C Ruby (MRI) or Rubinius, but NOT Windows 107 gem 'therubyracer', :platform => :ruby # C Ruby (MRI) or Rubinius, but NOT Windows
108 gem 'uglifier', '>= 1.0.3' 108 gem 'uglifier', '>= 1.0.3'
109 gem 'underscore-rails' 109 gem 'underscore-rails'
110 -end  
111 -  
112 -gem 'turbo-sprockets-rails3' 110 +end
113 \ No newline at end of file 111 \ No newline at end of file
@@ -9,35 +9,35 @@ GEM @@ -9,35 +9,35 @@ GEM
9 remote: http://rubygems.org/ 9 remote: http://rubygems.org/
10 specs: 10 specs:
11 SystemTimer (1.2.3) 11 SystemTimer (1.2.3)
12 - actionmailer (3.2.8)  
13 - actionpack (= 3.2.8) 12 + actionmailer (3.2.11)
  13 + actionpack (= 3.2.11)
14 mail (~> 2.4.4) 14 mail (~> 2.4.4)
15 actionmailer_inline_css (1.3.1) 15 actionmailer_inline_css (1.3.1)
16 actionmailer (>= 3.0.0) 16 actionmailer (>= 3.0.0)
17 nokogiri (>= 1.4.4) 17 nokogiri (>= 1.4.4)
18 premailer (>= 1.7.1) 18 premailer (>= 1.7.1)
19 - actionpack (3.2.8)  
20 - activemodel (= 3.2.8)  
21 - activesupport (= 3.2.8) 19 + actionpack (3.2.11)
  20 + activemodel (= 3.2.11)
  21 + activesupport (= 3.2.11)
22 builder (~> 3.0.0) 22 builder (~> 3.0.0)
23 erubis (~> 2.7.0) 23 erubis (~> 2.7.0)
24 journey (~> 1.0.4) 24 journey (~> 1.0.4)
25 rack (~> 1.4.0) 25 rack (~> 1.4.0)
26 rack-cache (~> 1.2) 26 rack-cache (~> 1.2)
27 rack-test (~> 0.6.1) 27 rack-test (~> 0.6.1)
28 - sprockets (~> 2.1.3)  
29 - activemodel (3.2.8)  
30 - activesupport (= 3.2.8) 28 + sprockets (~> 2.2.1)
  29 + activemodel (3.2.11)
  30 + activesupport (= 3.2.11)
31 builder (~> 3.0.0) 31 builder (~> 3.0.0)
32 - activerecord (3.2.8)  
33 - activemodel (= 3.2.8)  
34 - activesupport (= 3.2.8) 32 + activerecord (3.2.11)
  33 + activemodel (= 3.2.11)
  34 + activesupport (= 3.2.11)
35 arel (~> 3.0.2) 35 arel (~> 3.0.2)
36 tzinfo (~> 0.3.29) 36 tzinfo (~> 0.3.29)
37 - activeresource (3.2.8)  
38 - activemodel (= 3.2.8)  
39 - activesupport (= 3.2.8)  
40 - activesupport (3.2.8) 37 + activeresource (3.2.11)
  38 + activemodel (= 3.2.11)
  39 + activesupport (= 3.2.11)
  40 + activesupport (3.2.11)
41 i18n (~> 0.6) 41 i18n (~> 0.6)
42 multi_json (~> 1.0) 42 multi_json (~> 1.0)
43 addressable (2.3.2) 43 addressable (2.3.2)
@@ -131,7 +131,7 @@ GEM @@ -131,7 +131,7 @@ GEM
131 has_scope (~> 0.5.0) 131 has_scope (~> 0.5.0)
132 responders (~> 0.6) 132 responders (~> 0.6)
133 journey (1.0.4) 133 journey (1.0.4)
134 - json (1.7.5) 134 + json (1.7.6)
135 jwt (0.1.5) 135 jwt (0.1.5)
136 multi_json (>= 1.0) 136 multi_json (>= 1.0)
137 kaminari (0.14.1) 137 kaminari (0.14.1)
@@ -166,7 +166,7 @@ GEM @@ -166,7 +166,7 @@ GEM
166 bundler (>= 1.0.0) 166 bundler (>= 1.0.0)
167 rails (>= 3.0.0) 167 rails (>= 3.0.0)
168 railties (>= 3.0.0) 168 railties (>= 3.0.0)
169 - multi_json (1.3.6) 169 + multi_json (1.5.0)
170 multi_xml (0.5.1) 170 multi_xml (0.5.1)
171 multipart-post (1.1.5) 171 multipart-post (1.1.5)
172 net-scp (1.0.4) 172 net-scp (1.0.4)
@@ -220,7 +220,7 @@ GEM @@ -220,7 +220,7 @@ GEM
220 slop (>= 2.4.4, < 3) 220 slop (>= 2.4.4, < 3)
221 pry-rails (0.2.0) 221 pry-rails (0.2.0)
222 pry 222 pry
223 - rack (1.4.1) 223 + rack (1.4.3)
224 rack-cache (1.2) 224 rack-cache (1.2)
225 rack (>= 0.4) 225 rack (>= 0.4)
226 rack-ssl (1.3.2) 226 rack-ssl (1.3.2)
@@ -228,25 +228,25 @@ GEM @@ -228,25 +228,25 @@ GEM
228 rack-ssl-enforcer (0.2.4) 228 rack-ssl-enforcer (0.2.4)
229 rack-test (0.6.2) 229 rack-test (0.6.2)
230 rack (>= 1.0) 230 rack (>= 1.0)
231 - rails (3.2.8)  
232 - actionmailer (= 3.2.8)  
233 - actionpack (= 3.2.8)  
234 - activerecord (= 3.2.8)  
235 - activeresource (= 3.2.8)  
236 - activesupport (= 3.2.8) 231 + rails (3.2.11)
  232 + actionmailer (= 3.2.11)
  233 + actionpack (= 3.2.11)
  234 + activerecord (= 3.2.11)
  235 + activeresource (= 3.2.11)
  236 + activesupport (= 3.2.11)
237 bundler (~> 1.0) 237 bundler (~> 1.0)
238 - railties (= 3.2.8) 238 + railties (= 3.2.11)
239 rails_autolink (1.0.9) 239 rails_autolink (1.0.9)
240 rails (~> 3.1) 240 rails (~> 3.1)
241 - railties (3.2.8)  
242 - actionpack (= 3.2.8)  
243 - activesupport (= 3.2.8) 241 + railties (3.2.11)
  242 + actionpack (= 3.2.11)
  243 + activesupport (= 3.2.11)
244 rack-ssl (~> 1.3.2) 244 rack-ssl (~> 1.3.2)
245 rake (>= 0.8.7) 245 rake (>= 0.8.7)
246 rdoc (~> 3.4) 246 rdoc (~> 3.4)
247 thor (>= 0.14.6, < 2.0) 247 thor (>= 0.14.6, < 2.0)
248 raindrops (0.10.0) 248 raindrops (0.10.0)
249 - rake (0.9.2.2) 249 + rake (10.0.3)
250 rbx-require-relative (0.0.9) 250 rbx-require-relative (0.0.9)
251 rdoc (3.12) 251 rdoc (3.12)
252 json (~> 1.4) 252 json (~> 1.4)
@@ -286,8 +286,9 @@ GEM @@ -286,8 +286,9 @@ GEM
286 rubyzip 286 rubyzip
287 simple_oauth (0.1.9) 287 simple_oauth (0.1.9)
288 slop (2.4.4) 288 slop (2.4.4)
289 - sprockets (2.1.3) 289 + sprockets (2.2.2)
290 hike (~> 1.2) 290 hike (~> 1.2)
  291 + multi_json (~> 1.0)
291 rack (~> 1.0) 292 rack (~> 1.0)
292 tilt (~> 1.1, != 1.3.0) 293 tilt (~> 1.1, != 1.3.0)
293 therubyracer (0.10.2) 294 therubyracer (0.10.2)
@@ -299,13 +300,10 @@ GEM @@ -299,13 +300,10 @@ GEM
299 thor (0.16.0) 300 thor (0.16.0)
300 tilt (1.3.3) 301 tilt (1.3.3)
301 timecop (0.3.5) 302 timecop (0.3.5)
302 - treetop (1.4.10) 303 + treetop (1.4.12)
303 polyglot 304 polyglot
304 polyglot (>= 0.3.1) 305 polyglot (>= 0.3.1)
305 - turbo-sprockets-rails3 (0.2.12)  
306 - railties (>= 3.1.0, < 3.2.9)  
307 - sprockets (>= 2.0.0)  
308 - tzinfo (0.3.33) 306 + tzinfo (0.3.35)
309 uglifier (1.2.7) 307 uglifier (1.2.7)
310 execjs (>= 0.3.0) 308 execjs (>= 0.3.0)
311 multi_json (~> 1.3) 309 multi_json (~> 1.3)
@@ -364,7 +362,7 @@ DEPENDENCIES @@ -364,7 +362,7 @@ DEPENDENCIES
364 pry-rails 362 pry-rails
365 rack-ssl 363 rack-ssl
366 rack-ssl-enforcer 364 rack-ssl-enforcer
367 - rails (= 3.2.8) 365 + rails (= 3.2.11)
368 rails_autolink (~> 1.0.9) 366 rails_autolink (~> 1.0.9)
369 ri_cal 367 ri_cal
370 rspec-rails (~> 2.6) 368 rspec-rails (~> 2.6)
@@ -374,7 +372,6 @@ DEPENDENCIES @@ -374,7 +372,6 @@ DEPENDENCIES
374 therubyracer 372 therubyracer
375 thin 373 thin
376 timecop 374 timecop
377 - turbo-sprockets-rails3  
378 uglifier (>= 1.0.3) 375 uglifier (>= 1.0.3)
379 underscore-rails 376 underscore-rails
380 unicorn 377 unicorn
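--- a/config/initializers/cve-2013-0156.rb
+++ b/config/initializers/cve-2013-0156.rb
@@ -0,0 +1,3 @@
+ActionDispatch::ParamsParser::DEFAULT_PARSERS.delete(Mime::YAML)
+ActiveSupport::XmlMini::PARSING.delete("symbol")
+ActiveSupport::XmlMini::PARSING.delete("yaml")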
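Review bot: The three `delete` calls in this new initializer have no comment, so a later maintainer cannot tell that they are a deliberate backstop for CVE-2013-0156 or when it is safe to drop them. I would add a header such as `# Backstop for CVE-2013-0156: keep YAML and Symbol typecasts out of parameter parsing even if the Rails version regresses.` Both `DEFAULT_PARSERS` and `XmlMini::PARSING` are shared constants mutated in place, so the change presumably also applies to any non-request XML parsing in the process (for example ActiveResource responses). That is worth stating in the same comment. A small spec asserting that `ActiveSupport::XmlMini::PARSING` has no `"yaml"` or `"symbol"` key and that `DEFAULT_PARSERS` has no `Mime::YAML` entry would catch the file being removed or loaded too late.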