Vulnerability in dependencies of schleuder-web

From: schleuder at
Date: Thu Mar 29 13:44:02 CEST 2018

Anyone running schleuder-web should as soon as possible update the gems
"loofah" and "rails-html-sanitizer" by running
"bundle update loofah rails-html-sanitizer".
Afterwards restart the application.

Details on the vulnerabilities:
CVE-2018-8048: <>
CVE-2018-3741: <>

In case of problems, questions or feedback, please use the issue-tracker
<> or send us an email
to schleuder at

Best wishes,
schleuder dev team

-------------- next part --------------
To receive the public gpg key for this address send a
mail to schleuder-sendkey at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: </pipermail/schleuder-announce/attachments/20180329/2acb718d/attachment.sig>