Kaminari 1.2.1 patch for XSS vulnerability

Open: gffuentes opened this issue 4 years ago • 1 comment

Hello!

Looks like a vulnerability was found in Kaminari and then patched in 1.2.1. (https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!msg/ruby-security-ann/1wDvZ6Aaoo8/sBL9aWtLAQAJ)

Would it be possible to update the dependency?

Thank you!

gffuentes, Jun 04 '20 13:06

The dependency is "~> 1.2.0", which means you can go from 1.2.0 to 1.2.infinity.

See https://stackoverflow.com/questions/5170547/what-does-tilde-greater-than-mean-in-ruby-gem-dependencies

ramontayag, Jun 26 '20 01:06
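An added example, not code from the thread or from either project: a check of whether the kaminari versions resolved in a `Gemfile.lock` have reached the patched 1.2.1 release. The `~> 1.2.0` constraint permits 1.2.1, but an existing lockfile can still pin 1.2.0 until `bundle update kaminari` is run. The lockfile excerpt and the helper names `locked_kaminari_versions` and `audit` are constructed for illustration.

```ruby
require "rubygems"

# Constraint quoted in the reply above, and the patched release named in the issue.
CONSTRAINT = Gem::Requirement.new("~> 1.2.0")
PATCHED    = Gem::Version.new("1.2.1")

# Constructed Gemfile.lock excerpt (sample data, not from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      kaminari (1.2.0)
        activesupport (>= 4.1.0)
        kaminari-actionview (= 1.2.0)
        kaminari-core (= 1.2.0)
      kaminari-actionview (1.2.0)
        actionview
        kaminari-core (= 1.2.0)
      kaminari-core (1.2.0)
LOCK

# Resolved gems sit at four spaces of indentation in the specs section;
# their dependency lines sit at six and are skipped by the anchor.
def locked_kaminari_versions(lock_text)
  lock_text.scan(/^ {4}(kaminari[\w-]*) \(([^)]+)\)$/)
           .map { |name, ver| [name, Gem::Version.new(ver)] }
           .to_h
end

# Classify each locked kaminari gem against the constraint and the patched release.
def audit(lock_text)
  locked_kaminari_versions(lock_text).map { |name, ver|
    status =
      if ver >= PATCHED
        :patched
      elsif CONSTRAINT.satisfied_by?(ver)
        :allowed_but_unpatched
      else
        :outside_constraint
      end
    [name, status]
  }.to_h
end

if $PROGRAM_NAME == __FILE__
  audit(SAMPLE_LOCK).each { |name, status| puts "#{name}: #{status}" }
end
```
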