Update rails per CVE-2016-2098 warning (!510) · Merge requests · thoughtbot, inc. / administrate

Merged Administrator requested to merge jro-update-rails-cve-2016-2098 into master Mar 08, 2016

Created by: jayroh

When running bundler audit there is a warning that there is a possible exploit. See following:

➜  administrate git:(master) be rake bundler:audit
Updating ruby-advisory-db ...
From https://github.com/rubysec/ruby-advisory-db
 * branch            master     -> FETCH_HEAD
Current branch master is up to date.
ruby-advisory-db: 264 advisories
Name: actionpack
Version: 4.2.5.1
Advisory: CVE-2016-2098
Criticality: Unknown
URL:
https://groups.google.com/forum/#!topic/rubyonrails-security/ly-IH-fxr_Q
Title: Possible remote code execution vulnerability in Action Pack
Solution: upgrade to ~> 3.2.22.2, ~> 4.1.14.2, ~> 4.2.5.2

Vulnerabilities found!

This commit updates rails and its associated (action|active)* gems from 4.2.5.1 to 4.2.5.2. (And, I guess, sprockets too...?)