From c6fde417ab77b3ab5a9feed2cf000be370a1b8df Mon Sep 17 00:00:00 2001
From: Santosh Wadghule
Date: Tue, 7 Aug 2018 20:35:32 +0530
Subject: [PATCH] #712 (https://trello.com/c/CbleNB3C/712-qae18-security-timing-attack-affecting-rack-protection-gem) - Upgrade `rack-protection` gem version to fix timing attack vulnerability issue.
---
 Gemfile      | 1 +
 Gemfile.lock | 1 +
 2 files changed, 2 insertions(+)
diff --git a/Gemfile b/Gemfile
index e7e492a1a..fd2cb9f71 100644
--- a/Gemfile
+++ b/Gemfile
@@ -87,6 +87,7 @@ gem 'vigilion-rails', '~> 1.0.5'
 gem "sidekiq", "~> 4.1.1"
 gem "sidekiq-cron", "~> 0.4.2"
 gem 'sinatra', require: nil
+gem "rack-protection", "1.5.5" # Sinatra's dependency
 
 # Redis
 gem 'redis-rails'
diff --git a/Gemfile.lock b/Gemfile.lock
index 73897f003..c993452e8 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -684,6 +684,7 @@ DEPENDENCIES
   pusher
   quiet_assets
   rack-mini-profiler (>= 0.10.1)
+  rack-protection (= 1.5.5)
   rack-ssl-enforcer
   rails (= 4.2.10)
   rails-html-sanitizer (~> 1.0.4)
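Review bot: The bare version string on the added Gemfile line is an exact `= 1.5.5` constraint, so any later patch release of rack-protection will be silently skipped by `bundle update`; a pessimistic constraint, `gem "rack-protection", "~> 1.5.5" # Sinatra's dependency`, keeps 1.5.5 as the floor while still letting subsequent patch-level fixes in. The diffstat shows Gemfile.lock gaining only the DEPENDENCIES entry, which suggests the specs section already resolved rack-protection to 1.5.5 before this commit; it is worth confirming that the resolved version in the lock really is 1.5.5, since the commit message describes this as an upgrade. The inline comment says only that the gem is Sinatra's dependency, not why it is pinned explicitly; recording the reason, e.g. `# transitive dep of sinatra; pinned for the timing-attack fix (#712)`, reduces the chance a future cleanup removes the pin.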