From f464f98fd3b8ef33b3afa5acf09e829c046134de Mon Sep 17 00:00:00 2001 From: Yamagishi Kazutoshi Date: Mon, 2 Apr 2018 06:43:08 +0900 Subject: [PATCH] Update Ruby to version 2.4.4 (#6964) https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/ > This release includes some bug fixes and some security fixes. > > - CVE-2017-17742: HTTP response splitting in WEBrick > - CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir > - CVE-2018-8777: DoS by large request in WEBrick > - CVE-2018-8778: Buffer under-read in String#unpack > - CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket > - CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir > - Multiple vulnerabilities in RubyGems --- .ruby-version | 2 +- .travis.yml | 2 +- Dockerfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.ruby-version b/.ruby-version index 437459cd9..73462a5a1 100644 --- a/.ruby-version +++ b/.ruby-version @@ -1 +1 @@ -2.5.0 +2.5.1 diff --git a/.travis.yml b/.travis.yml index 576659aaf..989237a19 100644 --- a/.travis.yml +++ b/.travis.yml @@ -39,7 +39,7 @@ addons: - yarn rvm: - - 2.4.2 + - 2.4.3 - 2.5.0 services: diff --git a/Dockerfile b/Dockerfile index 0801f5747..5f17c5b89 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ruby:2.4.3-alpine3.6 +FROM ruby:2.4.4-alpine3.6 LABEL maintainer="https://github.com/tootsuite/mastodon" \ description="Your self-hosted, globally interconnected microblogging community"