Skip to content

2.5.0
Compare
Choose a tag to compare
@fschuindt fschuindt released this 13 Apr 20:04
· 26 commits to master since this release
2.5.0
74ffb26
This commit was signed with the committer’s verified signature.
fschuindt Fernando Schuindt
GPG key ID: 0D281E2FDA2108A7
Learn about vigilant mode.

Fixed

  • Local Code Execution through Argument Injection via dash leading git url parameter in Gemfile CVE-2021-43809.
  • Dependency Confusion in Bundler CVE-2020-36327.
  • Insecure path handling in Bundler CVE-2019-3881.

Changed

  • Using Bundler 2.3.11.
  • Using Time.current instead of Time.now to work with timezones PR 34.
  • Caching certificates on memory using Thread to avoid unnecessary calls into Redis PR 33.
Assets 3
Loading