rubyzip 1.2.1 dependency is shown to have security vulnerabilities.

randym / axlsx

xlsx generation with charts, images, automated column width, customizable styles and full schema validation. Axlsx excels at helping you generate beautiful Office Open XML Spreadsheet documents without having to understand the entire ECMA specification. Check out the README for some examples of how easy it is. Best of all, you can validate your xlsx file before serialization so you know for sure that anything generated is going to load on your client's machine.

MIT License

2.62k stars 696 forks source link

rubyzip 1.2.1 dependency is shown to have security vulnerabilities. #599

Open waterjump opened 6 years ago

waterjump commented 6 years ago

To follow up on this issue, rubyzip 1.2.1 is now also shown to have security vulnerabilities. See details here: https://github.com/rubyzip/rubyzip/issues/369

Solution: Disable rubyzip or apply a patch whenever one becomes available.

bashcoder commented 6 years ago

Rubyzip is now released at 1.2.2 on Rubygems.org which resolves this vulnerability, according to bundler audit.

https://rubygems.org/gems/rubyzip

mdavidn commented 6 years ago

See #536.