search

randym / axlsx

xlsx generation with charts, images, automated column width, customizable styles and full schema validation. Axlsx excels at helping you generate beautiful Office Open XML Spreadsheet documents without having to understand the entire ECMA specification. Check out the README for some examples of how easy it is. Best of all, you can validate your xlsx file before serialization so you know for sure that anything generated is going to load on your client's machine.
MIT License
2.62k stars 696 forks source link

Address security vulnerability in rubyzip dependency #602

Open waterjump opened 6 years ago

waterjump commented 6 years ago

The rubyzip gem version 1.2.1 contains a security vulnerability allowing absolute path traversal. More details can be found here:

https://github.com/rubyzip/rubyzip/issues/369

This change addresses the issue by specifying a rubyzip version greater than or equal to 1.2.2.

Solves issue #599

why-el commented 6 years ago

@waterjump any chance you release a new version with this change? It's a pretty serious one.

waterjump commented 6 years ago

@why-el Seems like bumping it to 3.0.1 would be a good idea. I'd like to confirm with the gem owner because people tend to do this differently from time to time and there's nothing in the README about contribution guidelines etc.

why-el commented 6 years ago

Ok, thanks the prompt response. Up to @randym then.

noniq commented 6 years ago

See also #536

sullyvannunes commented 6 years ago

I am facing this same problem with rubyzip version. is there any update about this issue?

courtsimas commented 6 years ago

Ping. What's the latest?

waterjump commented 6 years ago

@courtsimas We are waiting on feedback from @randym regarding version bump.