gems: update webrick to version 1.6.1

- explicitly use webrick gem version with patch against CVE-2020-25613
- https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/
- webrick versions bundled with ruby are vulnerable at this point
This commit is contained in:
cn 2020-10-02 00:49:14 +02:00
parent fc4d731434
commit fd1d58abd6
2 changed files with 7 additions and 0 deletions

View File

@ -1,5 +1,11 @@
# Changelog
## 3.1.1
IMPROVEMENTS:
- Use webrick gem which contains fixes against [CVE-2020-25613](https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/)
## 3.1.0 (August 19, 2020)
IMPROVEMENTS:

View File

@ -33,6 +33,7 @@ Gem::Specification.new do |s|
s.add_runtime_dependency 'opentracing', '~> 0.5.0'
s.add_runtime_dependency 'rack', '~> 2.0'
s.add_runtime_dependency 'rack-tracer', '~> 0.9.0'
s.add_runtime_dependency 'webrick', '>= 1.6.1'
s.add_development_dependency 'bundler'
s.add_development_dependency 'bundler-audit', '~> 0.7.0'