gems: update webrick to version 1.6.1

- explicitly use webrick gem version with patch against CVE-2020-25613 - https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/ - webrick versions bundled with ruby are vulnerable at this point
2024-12-21 14:54:22 +01:00 · 2020-10-02 00:49:14 +02:00 · 2020-10-02 00:49:14 +02:00 · fd1d58abd6
commit fd1d58abd6
parent fc4d731434
2 changed files with 7 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,5 +1,11 @@
 # Changelog

+## 3.1.1
+
+IMPROVEMENTS:
+
+- Use webrick gem which contains fixes against [CVE-2020-25613](https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/)
+
 ## 3.1.0 (August 19, 2020)

 IMPROVEMENTS:
--- a/dyndnsd.gemspec
+++ b/dyndnsd.gemspec
@ -33,6 +33,7 @@ Gem::Specification.new do |s|
  s.add_runtime_dependency 'opentracing', '~> 0.5.0'
  s.add_runtime_dependency 'rack', '~> 2.0'
  s.add_runtime_dependency 'rack-tracer', '~> 0.9.0'
+  s.add_runtime_dependency 'webrick', '>= 1.6.1'

  s.add_development_dependency 'bundler'
  s.add_development_dependency 'bundler-audit', '~> 0.7.0'