presidentbeef / brakeman-site

Website for Brakeman
https://brakemanscanner.org

Gemfile update - because of security risk - CVE-2013-0263 #10

Closed Kosmas closed 10 years ago

Kosmas commented 10 years ago

Hi,

it seems there is a security risk with the rack version used.

It is described here:

http://www.security-database.com/detail.php?alert=CVE-2013-0263

This is a gem update.

presidentbeef commented 10 years ago

Hi Kosmas,

The Brakeman site is hosted by GitHub pages, the only use of rack is for local development. Additionally, there is no session information used. Since you updated all the gems instead of just rack, I'm afraid I won't be merging this.

Thanks for being concerned, though!

Kosmas commented 10 years ago

No problem @presidentbeef.

Took the easy option of updating all the gems after seeing the security warning.

But you are right, it does not make sense to do that ;-)