Security Update: httpclient library to latest version (2.5.1) #60
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This is a security patch. With the latest version of httpclient, if you use this gem in an app already using httpclient, you will still be able to apply the security patch referenced here: nahi/httpclient#202 (comment) Also removed Gemfile.lock and added the file to .gitignore. It is not good to check in Gemfile.lock into version control, since it enforces precision that does not exist in the gem command, which is used to install gems in practice. See http://yehudakatz.com/2010/12/16/clarifying-the-roles-of-the-gemspec-and-gemfile/
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a security patch. With the latest version of httpclient, if you
use this gem in an app already using httpclient, you will still be able
to apply the security patch referenced here:
nahi/httpclient#202 (comment)
Basically, I cannot use this gem as it is currently and have a newer version
of httpclient used in my app, which allows me to apply the POODLE ssl fix.
Also removed Gemfile.lock and added the file to .gitignore. It is not
good to check in Gemfile.lock into version control, since it enforces
precision that does not exist in the gem command, which is used to
install gems in practice.
See http://yehudakatz.com/2010/12/16/clarifying-the-roles-of-the-gemspec-and-gemfile/