Skip to content

Commit

Permalink
Upgrade Ruby to 2.7.3 (mastodon#16004)
Browse files Browse the repository at this point in the history 
* Upgrade Ruby to 2.7.3

https://www.ruby-lang.org/en/news/2021/04/05/ruby-2-7-3-released/
includes security fixes to
- CVE-2021-28965: XML round-trip vulnerability in REXML
- CVE-2021-28966: Path traversal in Tempfile on Windows

* Update rexml to 3.2.5

https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/
  • Loading branch information
@zunda
zunda authored Apr 9, 2021
1 parent 3f2533c commit 3f8d0de
Show file tree
Hide file tree
Showing 3 changed files with 4 additions and 4 deletions.
2 changes: 1 addition & 1 deletion .ruby-version
View file
Original file line number Diff line number Diff line change
@@ -1 +1 @@
2.7.2
2.7.3
2 changes: 1 addition & 1 deletion Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ RUN ARCH= && \
mv node-v$NODE_VER-linux-$ARCH /opt/node

# Install Ruby
ENV RUBY_VER="2.7.2"
ENV RUBY_VER="2.7.3"
RUN apt-get update && \
apt-get install -y --no-install-recommends build-essential \
bison libyaml-dev libgdbm-dev libreadline-dev libjemalloc-dev \
Expand Down
4 changes: 2 additions & 2 deletions Gemfile.lock
View file
Original file line number Diff line number Diff line change
Expand Up @@ -436,7 +436,7 @@ GEM
parallel (1.20.1)
parallel_tests (3.6.0)
parallel
parser (3.0.0.0)
parser (3.0.1.0)
ast (~> 2.4.1)
parslet (2.0.0)
pastel (0.8.0)
Expand Down Expand Up @@ -529,7 +529,7 @@ GEM
responders (3.0.1)
actionpack (>= 5.0)
railties (>= 5.0)
rexml (3.2.4)
rexml (3.2.5)
rotp (6.2.0)
rpam2 (4.0.2)
rqrcode (1.2.0)
Expand Down

0 comments on commit 3f8d0de

Please sign in to comment.