SUSE / velum

Dashboard for CaaS Platform clusters (v1, v2 and v3)
https://www.suse.com/
Apache License 2.0

[3.0] update sprockets to fix cve-2018-3760 cve#2018-3760 #662

Closed jordimassaguerpla closed 5 years ago

jordimassaguerpla commented 5 years ago

Backport of https://github.com/kubic-project/velum/pull/591

Signed-off-by: Jordi Massaguer Pla <jmassaguerpla@suse.de>

(cherry picked from commit f94cdfd33a544c072cd7d924ce5cb721c212ef8a)

jordimassaguerpla commented 5 years ago

Adding no Bugzilla ref because it has a CVE ref, which should be enough.

jordimassaguerpla commented 5 years ago

We will have to update the rubygem-sprockets RPM to make this fix really work. We don't need to release the code fix because, when building the RPM, the Gemfile.lock is regenerated.

jordimassaguerpla commented 5 years ago

The rubygem-sprockets RPM has been submitted.