Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
(https://trello.com/c/CbleNB3C/712-qae18-security-timing-attack-affecting-rack-protection-gem)

- Upgrade `rack-protection` gem version to fix timing attack
vulnerability issue.
  • Loading branch information
mechanicles committed Aug 7, 2018
1 parent 4adce2e commit c6fde41
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 0 deletions.
1 change: 1 addition & 0 deletions Gemfile
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,7 @@ gem 'vigilion-rails', '~> 1.0.5'
gem "sidekiq", "~> 4.1.1"
gem "sidekiq-cron", "~> 0.4.2"
gem 'sinatra', require: nil
gem "rack-protection", "1.5.5" # Sinatra's dependency

# Redis
gem 'redis-rails'
Expand Down
1 change: 1 addition & 0 deletions Gemfile.lock
Original file line number Diff line number Diff line change
Expand Up @@ -684,6 +684,7 @@ DEPENDENCIES
pusher
quiet_assets
rack-mini-profiler (>= 0.10.1)
rack-protection (= 1.5.5)
rack-ssl-enforcer
rails (= 4.2.10)
rails-html-sanitizer (~> 1.0.4)
Expand Down

0 comments on commit c6fde41

Please sign in to comment.