Releases: bradpotts/multi-tenancy-warden

Rails 5.1 - Updated Dependencies w/ Security Fixes

15 May 18:35

Updated to rails version 5.1.1
Updated to database_cleaner version 1.6.1
Added and updated to nokogiri version 1.7.2

Updated to phcnotifi version 4.1.4
Updated to phctitleseo version 5.1.4

Updated to phcadmin1 version 10.0.0
Updated to phcadmin2 version 8.0.0
Updated to phcadmin3 version 5.0.0

Updated to phcadmin1 version 14.0.0
Updated to phcadmin2 version 5.0.0
Updated to devise version 4.3.0

Updated to rspec-rails version 3.6.0

Forced update to mail version 2.7.0.rc1 (actionmailer dependency)

Security Fix 1 - Updated to mail version 2.7.0.rc1 which addresses this issue.
The Mail library does not impose a length limit on email addresses, so an attacker can send a long spam message via a recipient address unless there is a limit on the application’s side. The attacker-injected message in the recipient address is processed by the server. This type of vulnerability can be a real threat in inquiry forms, member signup forms, or any other application that delivers an email to a user-specified email address.
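An application-side limit of the kind described above, as an added example (not code from this project or from the mail gem). `RecipientCheck`, its constants and its symbols are hypothetical names; the size caps are assumptions taken from the RFC 5321 limits.

```ruby
# Added example: validate a user-supplied recipient before handing it to a mailer.
# RecipientCheck is a hypothetical helper, not part of the mail gem or this engine.
module RecipientCheck
  MAX_ADDRESS = 254 # assumed cap: RFC 5321 path limit (256 octets) minus "<" and ">"
  MAX_LOCAL   = 64  # assumed cap: RFC 5321 local-part limit
  MAX_DOMAIN  = 255 # assumed cap: RFC 5321 domain limit

  # Returns a list of problem symbols; an empty list means the address passed.
  def self.problems(raw)
    return [:not_a_string] unless raw.is_a?(String)
    return [:bad_encoding] unless raw.valid_encoding?

    addr = raw.strip
    return [:empty] if addr.empty?

    found = []
    found << :too_long if addr.bytesize > MAX_ADDRESS
    # Control characters (CR, LF, NUL, ...) never belong in a single address.
    found << :control_chars if addr.match?(/[[:cntrl:]]/)

    # Split on the last "@" so the local part is measured on its own.
    local, at, domain = addr.rpartition("@")
    if at.empty? || local.empty? || domain.empty?
      found << :no_mailbox
    else
      found << :local_part_too_long if local.bytesize > MAX_LOCAL
      found << :domain_too_long if domain.bytesize > MAX_DOMAIN
    end
    found
  end

  # Returns the trimmed address when it passes every check, otherwise nil.
  def self.accept(raw)
    problems(raw).empty? ? raw.strip : nil
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs, not taken from any real traffic.
  samples = ["user@example.test", ("x" * 300) + "@example.test", "no-at-sign"]
  samples.each { |s| puts "#{s[0, 30].inspect} -> #{RecipientCheck.problems(s).inspect}" }
end
```

Call `RecipientCheck.accept` in the form handler or model validation and deliver mail only when it returns a non-nil address.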

Security Fix 2 - Updated several dependencies which address these issues.
CVE-2017-5029: The xsltAddTextString function in transform.c lacks a check for integer overflow during a size calculation, which allows a remote attacker to perform an out of bounds memory write via a crafted HTML page.
CVE-2016-1683: numbers.c in libxslt mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.
CVE-2016-1841: libxslt allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

Rails 5.1 - Update Process to 5.1

30 Apr 16:51
Pre-release

Adjusted gemspec to resolve until more dependencies are updated.

Rails 5.0 - Updated Dependencies

15 Mar 21:57

Updated to devise version 4.2.1

Updated to phcadmin3 version 2.0.0
Updated to phcnotifi version 4.0.0
Updated to phctitleseo version 5.0.0

Updated to pg version 0.20.0
Updated to oj version 2.18.3
Updated to simplecov version 0.14.0