Vulnerability in dependencies of schleuder-web

From: schleuder at nadir.org
Date: Thu Mar 29 13:44:02 CEST 2018

Anyone running schleuder-web should update the gems "loofah" and
"rails-html-sanitizer" as soon as possible by running
"bundle update loofah rails-html-sanitizer".
Afterwards restart the application.

Details on the vulnerabilities:
CVE-2018-8048: <https://github.com/flavorjones/loofah/issues/144>
CVE-2018-3741: <https://hackerone.com/reports/328270>


In case of problems, questions or feedback, please use the issue-tracker
<https://0xacab.org/schleuder/schleuder-web/issues> or send us an email
to schleuder at nadir.org.


Best wishes,
schleuder dev team

To receive the public gpg key for this address send a
mail to schleuder-sendkey at nadir.org.