Bump Ruby on Rails to 5.0.7.1 (!23396) · Merge requests · GitLab.org / GitLab FOSS · GitLab

blackst0ne requested to merge blackst0ne-bump-rails-cve-2018-16476 into master Nov 28, 2018

What does this MR do?

Bumps Ruby on Rails framework to 5.0.7.1.

Fix the CVE-2018-16476 vulnerability.

What are the relevant issue numbers?

https://gitlab.com/gitlab-com/gl-security/engineering/issues/296

Does this MR meet the acceptance criteria?

Changelog entry added, if necessary
Documentation created/updated
Tests added for this feature/bug
Conforms to the code review guidelines
Conforms to the merge request performance guidelines
Conforms to the style guides
Conforms to the database guides
Link to e2e tests MR added if this MR has Requires e2e tests label. See the Test Planning Process.

Edited Jan 02, 2019 by Grzegorz Bizon