Force loofah 2.3 in response to CVE-2018-8048
- The report actually says:
"loofah gem 2.13.0 is vulnerable (CVE-2018-8048). Upgrade to 2.2.1."

- On closer inspection, you'll see that 2.2.1 is a *downgrade* from 2.13.0
A known issue:
flavorjones/loofah#209
tobyprivett committed Dec 22, 2021
1 parent 63435bb commit db6adac
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion Gemfile.lock
Expand Up @@ -276,7 +276,7 @@ GEM
kaminari-mongoid (1.0.1)
kaminari-core (~> 1.0)
mongoid
loofah (2.13.0)
loofah (2.3.0)
crass (~> 1.0.2)
nokogiri (>= 1.5.9)
mail (2.7.1)
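
Review bot: The `loofah` entry in this hunk moves from 2.13.0 to 2.3.0, which under gem version ordering is a downgrade, just as the 2.2.1 that the commit message objects to would be. If the scanner finding is a false positive caused by comparing 2.13.0 against 2.2.1 incorrectly, the safer fix is to keep 2.13.0 and record an ignore or suppression for CVE-2018-8048 in the scanner configuration, with a link to flavorjones/loofah#209. Also note that only Gemfile.lock changes here: with no matching constraint in the Gemfile, the next `bundle update` will resolve `loofah` to a different version again. The unchanged `crass (~> 1.0.2)` and `nokogiri (>= 1.5.9)` lines should be regenerated by Bundler rather than assumed to match the 2.3.0 gemspec.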