Skip to content

Commit

Permalink
#712 (https://trello.com/c/CbleNB3C/712-qae18-security-timing-attack…
Browse files Browse the repository at this point in the history 
…-affecting-rack-protection-gem)

- Upgrade `rack-protection` gem version to fix timing attack
vulnerability issue.
  • Loading branch information
@mechanicles
mechanicles committed Aug 7, 2018
1 parent 4adce2e commit d612be2
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 1 deletion.
1 change: 1 addition & 0 deletions Gemfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,7 @@ gem 'vigilion-rails', '~> 1.0.5'
gem "sidekiq", "~> 4.1.1"
gem "sidekiq-cron", "~> 0.4.2"
gem 'sinatra', require: nil
gem "rack-protection", "1.5.5" # Sinatra's dependency

# Redis
gem 'redis-rails'
Expand Down
3 changes: 2 additions & 1 deletion Gemfile.lock
View file
Original file line number Diff line number Diff line change
Expand Up @@ -684,6 +684,7 @@ DEPENDENCIES
pusher
quiet_assets
rack-mini-profiler (>= 0.10.1)
rack-protection (= 1.5.5)
rack-ssl-enforcer
rails (= 4.2.10)
rails-html-sanitizer (~> 1.0.4)
Expand Down Expand Up @@ -719,4 +720,4 @@ RUBY VERSION
ruby 2.5.0p0

BUNDLED WITH
1.16.2
1.16.3

0 comments on commit d612be2

Please sign in to comment.