Fix XSS in delayed job web admin
https://github.com/ejschmitt/delayed_job_web/issues/101
This commit is contained in:
parent
48a5f71e4b
commit
c23419359b
2 changed files with 15 additions and 7 deletions
6
Gemfile
6
Gemfile
|
@ -104,8 +104,10 @@ gem 'sanitize-url'
|
|||
gem 'delayed_job_active_record'
|
||||
gem "daemons"
|
||||
gem 'delayed_cron_job'
|
||||
gem "delayed_job_web"
|
||||
|
||||
# FIXME: this is a fork, go back to official version
|
||||
# once https://github.com/ejschmitt/delayed_job_web/issues/101
|
||||
# has been merged and released
|
||||
gem "delayed_job_web", git: 'https://github.com/breckenedge/delayed_job_web.git', branch: 'cve_2017_12097'
|
||||
gem 'select2-rails'
|
||||
|
||||
# PDF Generation
|
||||
|
|
16
Gemfile.lock
16
Gemfile.lock
|
@ -1,3 +1,13 @@
|
|||
GIT
|
||||
remote: https://github.com/breckenedge/delayed_job_web.git
|
||||
revision: 6bcb10e61ea2b9a44ffa16be8536dff46ad51449
|
||||
branch: cve_2017_12097
|
||||
specs:
|
||||
delayed_job_web (1.4)
|
||||
activerecord (> 3.0.0)
|
||||
delayed_job (> 2.0.3)
|
||||
sinatra (>= 1.4.4)
|
||||
|
||||
GIT
|
||||
remote: https://github.com/hassox/warden.git
|
||||
revision: a4b197e0b28e7b576b0745b0f6aeaed8dbb774a4
|
||||
|
@ -172,10 +182,6 @@ GEM
|
|||
delayed_job_active_record (4.1.2)
|
||||
activerecord (>= 3.0, < 5.2)
|
||||
delayed_job (>= 3.0, < 5)
|
||||
delayed_job_web (1.4)
|
||||
activerecord (> 3.0.0)
|
||||
delayed_job (> 2.0.3)
|
||||
sinatra (>= 1.4.4)
|
||||
devise (4.4.1)
|
||||
bcrypt (~> 3.0)
|
||||
orm_adapter (~> 0.1)
|
||||
|
@ -796,7 +802,7 @@ DEPENDENCIES
|
|||
deep_cloneable
|
||||
delayed_cron_job
|
||||
delayed_job_active_record
|
||||
delayed_job_web
|
||||
delayed_job_web!
|
||||
devise
|
||||
dotenv-rails
|
||||
draper
|
||||
|
|
Loading…
Reference in a new issue