Updated by Jonas Heinrich (Finn) about 12 years ago
- i18n: We still use 0.6.5, [0.6.6 is fixed](https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998).
- nokogiri: Several issues, but only with JRuby. Not critical, but we should update for our dependencies badge to be no longer red. We use 1.5.9, [1.5.11 is fixed](https://groups.google.com/forum/#!topic/ruby-security-ann/DeJpjTAg1FA).
- rack-ssl: I believe someone already made a fix for this, but I couldn’t find the PR. Also only affects JRuby. [CVE](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2538) and [fix](https://github.com/josh/rack-ssl/commit/9d7d7300b907e496db68d89d07fbc2e0df0b487b).
Also see https://gemnasium.com/opf/openproject/alerts