authorToshi MARUYAMA <marutosijp2@yahoo.co.jp>2017-01-27 13:53:13 +0900
committerToshi MARUYAMA <marutosijp2@yahoo.co.jp>2017-01-27 13:53:13 +0900
commitc388393e8c59b5e799cebf42ac7fcde52440c824 (patch)
tree15c2289b686f7636319306ff786dc044d80f9573
parentdc1967cb83684b6020944f4f12faa278a85c7a87 (diff)
use rails-html-sanitizer >= 1.0.3
CVE-2015-7579 says rails-html-sanitizer 1.0.2 has an XSS vulnerability.
-rw-r--r--actionview/actionview.gemspec2
1 files changed, 1 insertions, 1 deletions
diff --git a/actionview/actionview.gemspec b/actionview/actionview.gemspec
index 400bb156fa..cfaa5007a1 100644
--- a/actionview/actionview.gemspec
+++ b/actionview/actionview.gemspec
@@ -23,7 +23,7 @@ Gem::Specification.new do |s|
s.add_dependency "builder", "~> 3.1"
s.add_dependency "erubi", "~> 1.4"
- s.add_dependency "rails-html-sanitizer", "~> 1.0", ">= 1.0.2"
+ s.add_dependency "rails-html-sanitizer", "~> 1.0", ">= 1.0.3"
s.add_dependency "rails-dom-testing", "~> 2.0"
s.add_development_dependency "actionpack", version