* Fix CVE-2013-0269 by updating the gems json to 1.7.7 and multi\_json to...

* Fix CVE-2013-0269 by updating the gems json to 1.7.7 and multi\_json to 1.5.1. [Read more](https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_YvCpLzL58) * Additionally ensure can't affect us by bumping Rails to 3.2.12. [Read more](https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/AFBKNY7VSH8) * And exclude CVE-2013-0262 and CVE-2013-0263 by updating rack to 1.4.5.

* Fix CVE-2013-0269 by updating the gems json to 1.7.7 and multi\_json to...
f2ce9fa1 · Jonne Haß · dfbb6fa3 · f2ce9fa1 · f2ce9fa1 · f2ce9fa1
--- a/Changelog.md
+++ b/Changelog.md
+# 0.0.2.5
+* Fix CVE-2013-0269 by updating the gems json to 1.7.7 and multi\_json to 1.5.1. [Read more](https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_YvCpLzL58)
+* Additionally ensure can't affect us by bumping Rails to 3.2.12. [Read more](https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/AFBKNY7VSH8)
+* And exclude CVE-2013-0262 and CVE-2013-0263 by updating rack to 1.4.5.
 # 0.0.2.4
 * Fix XSS vulnerabilities caused by not escaping a users name fields when loading it from JSON. [#3948](https://github.com/diaspora/diaspora/issues/3948)

--- a/Gemfile
+++ b/Gemfile
 source 'http://rubygems.org'
-gem 'rails', '3.2.11'
+gem 'rails', '3.2.12'
 gem 'foreman', '0.60.2'
@@ -63,7 +63,7 @@ gem 'mini_magick', '3.4'
 # JSON and API
-gem 'json', '1.7.5'
+gem 'json', '1.7.7'
 gem 'acts_as_api', '0.4.1 '
 # localization

--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -17,34 +17,34 @@ GIT
 GEM
  remote: http://rubygems.org/
  specs:
-    actionmailer (3.2.11)
+    actionmailer (3.2.12)
-      actionpack (= 3.2.11)
+      actionpack (= 3.2.12)
      mail (~> 2.4.4)
-    actionpack (3.2.11)
+    actionpack (3.2.12)
-      activemodel (= 3.2.11)
+      activemodel (= 3.2.12)
-      activesupport (= 3.2.11)
+      activesupport (= 3.2.12)
      builder (~> 3.0.0)
      erubis (~> 2.7.0)
      journey (~> 1.0.4)
-      rack (~> 1.4.0)
+      rack (~> 1.4.5)
      rack-cache (~> 1.2)
      rack-test (~> 0.6.1)
      sprockets (~> 2.2.1)
-    activemodel (3.2.11)
+    activemodel (3.2.12)
-      activesupport (= 3.2.11)
+      activesupport (= 3.2.12)
      builder (~> 3.0.0)
-    activerecord (3.2.11)
+    activerecord (3.2.12)
-      activemodel (= 3.2.11)
+      activemodel (= 3.2.12)
-      activesupport (= 3.2.11)
+      activesupport (= 3.2.12)
      arel (~> 3.0.2)
      tzinfo (~> 0.3.29)
    activerecord-import (0.2.11)
      activerecord (~> 3.0)
      activerecord (~> 3.0)
-    activeresource (3.2.11)
+    activeresource (3.2.12)
-      activemodel (= 3.2.11)
+      activemodel (= 3.2.12)
-      activesupport (= 3.2.11)
+      activesupport (= 3.2.12)
-    activesupport (3.2.11)
+    activesupport (3.2.12)
      i18n (~> 0.6)
      multi_json (~> 1.0)
    acts-as-taggable-on (2.3.3)
@@ -208,7 +208,7 @@ GEM
      jquery-rails
      railties (>= 3.1.0)
    jruby-pageant (1.1.1)
-    json (1.7.5)
+    json (1.7.7)
    jwt (0.1.5)
      multi_json (>= 1.0)
    kaminari (0.14.1)
@@ -225,13 +225,13 @@ GEM
      treetop (~> 1.4.8)
    messagebus_ruby_api (1.0.3)
    method_source (0.8.1)
-    mime-types (1.19)
+    mime-types (1.21)
    mini_magick (3.4)
      subexec (~> 0.2.1)
    mobile-fu (1.1.0)
      rack-mobile-detect
      rails
-    multi_json (1.5.0)
+    multi_json (1.5.1)
    multipart-post (1.1.5)
    mysql2 (0.3.11)
    nested_form (0.2.3)
@@ -273,7 +273,7 @@ GEM
      coderay (~> 1.0.5)
      method_source (~> 0.8)
      slop (~> 3.3.1)
-    rack (1.4.4)
+    rack (1.4.5)
    rack-cache (1.2)
      rack (>= 0.4)
    rack-cors (0.2.7)
@@ -292,14 +292,14 @@ GEM
      rack
    rack-test (0.6.2)
      rack (>= 1.0)
-    rails (3.2.11)
+    rails (3.2.12)
-      actionmailer (= 3.2.11)
+      actionmailer (= 3.2.12)
-      actionpack (= 3.2.11)
+      actionpack (= 3.2.12)
-      activerecord (= 3.2.11)
+      activerecord (= 3.2.12)
-      activeresource (= 3.2.11)
+      activeresource (= 3.2.12)
-      activesupport (= 3.2.11)
+      activesupport (= 3.2.12)
      bundler (~> 1.0)
-      railties (= 3.2.11)
+      railties (= 3.2.12)
    rails-i18n (0.7.0)
      i18n (~> 0.5)
    rails_admin (0.2.0)
@@ -318,9 +318,9 @@ GEM
      sass-rails (~> 3.1)
    rails_autolink (1.0.9)
      rails (~> 3.1)
-    railties (3.2.11)
+    railties (3.2.12)
-      actionpack (= 3.2.11)
+      actionpack (= 3.2.12)
-      activesupport (= 3.2.11)
+      activesupport (= 3.2.12)
      rack-ssl (~> 1.3.2)
      rake (>= 0.8.7)
      rdoc (~> 3.4)
@@ -330,7 +330,7 @@ GEM
    rb-fsevent (0.9.2)
    rb-inotify (0.8.8)
      ffi (>= 0.5.0)
-    rdoc (3.12)
+    rdoc (3.12.1)
      json (~> 1.4)
    redcarpet (2.2.2)
    redis (3.0.2)
@@ -456,7 +456,7 @@ DEPENDENCIES
  i18n-inflector-rails (~> 1.0)
  jasmine (= 1.2.1)
  jquery-rails (= 2.1.3)
-  json (= 1.7.5)
+  json (= 1.7.7)
  markerb!
  messagebus_ruby_api (= 1.0.3)
  mini_magick (= 3.4)
@@ -473,7 +473,7 @@ DEPENDENCIES
  rack-protection (= 1.2)
  rack-rewrite (= 1.3.1)
  rack-ssl (= 1.3.2)
-  rails (= 3.2.11)
+  rails (= 3.2.12)
  rails-i18n (= 0.7.0)
  rails_admin (= 0.2.0)
  rails_autolink (= 1.0.9)

--- a/config/defaults.yml
+++ b/config/defaults.yml
@@ -4,7 +4,7 @@
 defaults:
  version:
-    number: "0.0.2.4"
+    number: "0.0.2.5"
    release: true # Do not touch unless in a merge conflict on doing a release, master should have a commit setting this to true which is not backported to the develop branch.
  heroku: false
  environment: