Fix XSS in delayed job web admin

https://github.com/ejschmitt/delayed_job_web/issues/101
This commit is contained in:
Frederic Merizen 2018-03-07 17:03:03 +01:00
parent 48a5f71e4b
commit c23419359b
2 changed files with 15 additions and 7 deletions


@ -104,8 +104,10 @@ gem 'sanitize-url'
gem 'delayed_job_active_record'
gem "daemons"
gem 'delayed_cron_job'
gem "delayed_job_web"
# FIXME: this is a fork, go back to official version
# once https://github.com/ejschmitt/delayed_job_web/issues/101
# has been merged and released
gem "delayed_job_web", git: 'https://github.com/breckenedge/delayed_job_web.git', branch: 'cve_2017_12097'
gem 'select2-rails'
# PDF Generation
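Review bot: The replacement `gem "delayed_job_web"` line pins the fork only by `branch: 'cve_2017_12097'`, so the Gemfile itself points at a mutable ref and a later `bundle update delayed_job_web` would take whatever commit that branch then holds; the lockfile in this commit records revision 6bcb10e61ea2b9a44ffa16be8536dff46ad51449, and the Gemfile should pin the same commit so the dependency stays reproducible independent of the lock: `gem "delayed_job_web", git: 'https://github.com/breckenedge/delayed_job_web.git', ref: '6bcb10e61ea2b9a44ffa16be8536dff46ad51449'`. The FIXME comment above it names the upstream issue but not why the fork exists, which the branch name only implies; a reader reverting this later would want that stated, e.g. `# FIXME: temporary fork of delayed_job_web carrying the fix for the XSS tracked in upstream issue 101; drop git:/ref: once an upstream release contains it`. The added line also mixes double quotes for the gem name with single quotes for the options, unlike the neighbouring `gem 'select2-rails'`; one quote style per line would be tidier.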


@ -1,3 +1,13 @@
GIT
remote: https://github.com/breckenedge/delayed_job_web.git
revision: 6bcb10e61ea2b9a44ffa16be8536dff46ad51449
branch: cve_2017_12097
specs:
delayed_job_web (1.4)
activerecord (> 3.0.0)
delayed_job (> 2.0.3)
sinatra (>= 1.4.4)
GIT
remote: https://github.com/hassox/warden.git
revision: a4b197e0b28e7b576b0745b0f6aeaed8dbb774a4
@ -172,10 +182,6 @@ GEM
delayed_job_active_record (4.1.2)
activerecord (>= 3.0, < 5.2)
delayed_job (>= 3.0, < 5)
delayed_job_web (1.4)
activerecord (> 3.0.0)
delayed_job (> 2.0.3)
sinatra (>= 1.4.4)
devise (4.4.1)
bcrypt (~> 3.0)
orm_adapter (~> 0.1)
@ -796,7 +802,7 @@ DEPENDENCIES
deep_cloneable
delayed_cron_job
delayed_job_active_record
delayed_job_web
delayed_job_web!
devise
dotenv-rails
draper