bundle update nokogiri (!352) · Merge requests · thoughtbot, inc. / administrate

Closed Administrator requested to merge github/fork/nando/nokogiri-update into master Dec 18, 2015

Created by: nando

Problem:

Running bundler-audit reveals a security vulnerability in Nokogiri:

$ bundle:audit
Name: nokogiri
Version: 1.6.7
Advisory: CVE-2015-5312
Criticality: High
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s
Title: Nokogiri gem contains several vulnerabilities in libxml2
Solution: upgrade to >= 1.6.7.1

Vulnerabilities found!

Solution:

bundle update nokogiri