Security: Timing Attack affecting rack-protection gem #1469
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
matthewford
approved these changes
Aug 7, 2018
(https://trello.com/c/CbleNB3C/712-qae18-security-timing-attack-affecting-rack-protection-gem) - Upgrade `rack-protection` gem version to fix timing attack vulnerability issue.
mechanicles
force-pushed
the
712-timing-attack
branch
from
d612be2
to
c6fde41
Compare
|
@matthewford @tomopey Security/snyk check got failed due to this XML External Entity (XXE) Injection issue in Nokogiri gem. I went through it, and I found that there is no proper solution until now. You can see this doc https://app.snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20299, and it has this following info,
You can also check this issue for the refer sparklemotion/nokogiri#1582 I feel that we should create a new card for this Nokogiri issue on the Trello. And let's merge this issue as this issue has nothing do with Nokogiri. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
rack-protectiongem version to fix timing attackvulnerability issue.
https://trello.com/c/CbleNB3C/712-qae18-security-timing-attack-affecting-rack-protection-gem