Changelog
*Sourced from [dragonfly's changelog](https://github.com/markevans/dragonfly/blob/v0.8.6/History.md).*
> 0.8.6 (2013-03-26)
> ==================
> Fixes
> -----
> - Backport of security fix for CVE-2013-1756 (in version 0.9.13)
>
> 0.8.5 (2011-05-11)
> ==================
> Fixes
> -----
> - Allow filenames that have '..' in them (but not '../') in the filedatastore
> - Better security for server
>
> 0.8.4 (2011-04-27)
> ==================
> Fixes
> -----
> - Security fix for file data store
Commits
- [`719bb9e`](https://github.com/markevans/dragonfly/commit/719bb9e1cdbbe0b66b08815b0469ae61046fc24e) gemspec for 0.8.6
- [`b24d534`](https://github.com/markevans/dragonfly/commit/b24d534ce492dd21e784a95efae8be4f61ea3707) Version bump to 0.8.6
- [`e5ead59`](https://github.com/markevans/dragonfly/commit/e5ead599c41ce76d5cce9e4443f5f71c901c2388) doc update for 0.8.6
- [`aa64a60`](https://github.com/markevans/dragonfly/commit/aa64a60203d582082d13fccdcc47d34076b4ee50) Merge pull request [#260](https://github-redirect.dependabot.com/markevans/dragonfly/issues/260) from embarkmobile/ver0.8.x
- [`6825722`](https://github.com/markevans/dragonfly/commit/6825722c57be49b29742a37dd1acdcf9cfb097fe) Backport to fix CVE-2013-1756.
- [`a98236c`](https://github.com/markevans/dragonfly/commit/a98236c68596bcf09d692f3c3fb34297266e7237) Fix some dependencies.
- [`76bc7f1`](https://github.com/markevans/dragonfly/commit/76bc7f1086ada7b65b26dec86597a2b089f292a8) gemspec for 0.8.5
- [`f038962`](https://github.com/markevans/dragonfly/commit/f038962422796b8d543494138e9ef738de761928) Version bump to 0.8.5
- [`faef1c2`](https://github.com/markevans/dragonfly/commit/faef1c2ba9cdafe5b833241ab8b3a326059a6517) 0.8.1 -> 0.8.5 in doc
- [`f96cff3`](https://github.com/markevans/dragonfly/commit/f96cff31d5700d11faae77b91d33dc72995a0bab) Fix: files like 'hello..png' were not being fetched from datastore
- Additional commits viewable in [compare view](https://github.com/markevans/dragonfly/compare/v0.8.2...v0.8.6)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/bootic/Bootic-Wiki/network/alerts).
dependabot[bot]
commented
3 years ago
Bumps dragonfly from 0.8.2 to 0.8.6.
Changelog
*Sourced from [dragonfly's changelog](https://github.com/markevans/dragonfly/blob/v0.8.6/History.md).* > 0.8.6 (2013-03-26) > ================== > Fixes > ----- > - Backport of security fix for CVE-2013-1756 (in version 0.9.13) > > 0.8.5 (2011-05-11) > ================== > Fixes > ----- > - Allow filenames that have '..' in them (but not '../') in the filedatastore > - Better security for server > > 0.8.4 (2011-04-27) > ================== > Fixes > ----- > - Security fix for file data storeCommits
- [`719bb9e`](https://github.com/markevans/dragonfly/commit/719bb9e1cdbbe0b66b08815b0469ae61046fc24e) gemspec for 0.8.6 - [`b24d534`](https://github.com/markevans/dragonfly/commit/b24d534ce492dd21e784a95efae8be4f61ea3707) Version bump to 0.8.6 - [`e5ead59`](https://github.com/markevans/dragonfly/commit/e5ead599c41ce76d5cce9e4443f5f71c901c2388) doc update for 0.8.6 - [`aa64a60`](https://github.com/markevans/dragonfly/commit/aa64a60203d582082d13fccdcc47d34076b4ee50) Merge pull request [#260](https://github-redirect.dependabot.com/markevans/dragonfly/issues/260) from embarkmobile/ver0.8.x - [`6825722`](https://github.com/markevans/dragonfly/commit/6825722c57be49b29742a37dd1acdcf9cfb097fe) Backport to fix CVE-2013-1756. - [`a98236c`](https://github.com/markevans/dragonfly/commit/a98236c68596bcf09d692f3c3fb34297266e7237) Fix some dependencies. - [`76bc7f1`](https://github.com/markevans/dragonfly/commit/76bc7f1086ada7b65b26dec86597a2b089f292a8) gemspec for 0.8.5 - [`f038962`](https://github.com/markevans/dragonfly/commit/f038962422796b8d543494138e9ef738de761928) Version bump to 0.8.5 - [`faef1c2`](https://github.com/markevans/dragonfly/commit/faef1c2ba9cdafe5b833241ab8b3a326059a6517) 0.8.1 -> 0.8.5 in doc - [`f96cff3`](https://github.com/markevans/dragonfly/commit/f96cff31d5700d11faae77b91d33dc72995a0bab) Fix: files like 'hello..png' were not being fetched from datastore - Additional commits viewable in [compare view](https://github.com/markevans/dragonfly/compare/v0.8.2...v0.8.6)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/bootic/Bootic-Wiki/network/alerts).