Closed Bhargav-Rao closed 6 years ago
If there is a possibility of a security vulnerability, wouldn't it be better if you sent an email to the maintainers (Art and Undo?) instead of posting it here? A person could take advantage of the vulnerability (if there is one).
Hmm, actually I am not even sure if there's a need of a mail. There's a huge banner, at least for me, when I visit the repo, telling that there is an issue.
Repository admins get security alert banners like that, but emails are still useful - they may not get seen that quickly. These are the same vulnerabilities that were in metasmoke, those Gemfile updates fixed them.
@Fortunate-MAN can you look into this issue as well? As this is also related to Ruby, I think.
The issue is still present. There are more security vulnerabilities in the present mail.
@Bhargav-Rao on it.
@Bhargav-Rao all done; it was just a matter of updating the Gemfile.
Perfect, thanks so much!
Received a mail a couple of days back regarding security vulnerabilities, and it seems like 2 dependencies of Redunda are creating a small problem. The suggested fix is:
Gemfile.lock update suggested: nokogiri ~> 1.8.1.
Gemfile.lock update suggested: loofah ~> 2.2.1.