Update Rails for security patches (!654) · Merge requests · thoughtbot, inc. / administrate

Merged Administrator requested to merge audit into master Sep 08, 2016

Created by: gracewashere

Problem

bundle-audit gives the following warnings:

Name: actionview
Version: 4.2.5.2
Advisory: CVE-2016-6316
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk
Title: Possible XSS Vulnerability in Action View
Solution: upgrade to ~> 3.2.22.3, ~> 4.2.7.1, >= 5.0.0.1

Name: activerecord
Version: 4.2.5.2
Advisory: CVE-2016-6317
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/rgO20zYW33s
Title: Unsafe Query Generation Risk in Active Record
Solution: upgrade to ~> 4.2.7.1

Vulnerabilities found!

Solution

Run bundle update rails.