Project

General

Profile

Actions
Copy link

Refactor #13698

closed

update to rest-client 1.8.x

Added by Anonymous about 9 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Packaging
Target version:
1.12.0
Difficulty:
Triaged:
Bugzilla link:
Pull request:
https://github.com/theforeman/foreman/pull/3175
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

rest-client is pinned to '~> 1.6.0' at the moment, blocking an update to a newer rbovirt. Also 1.6.9 has two security issues which are probably not critical for Foreman core, but won't get resolved in 1.6.x:

Name: rest-client
Version: 1.6.9
Advisory: CVE-2015-1820
Criticality: Unknown
URL: https://github.com/rest-client/rest-client/issues/369
Title: rubygem-rest-client: session fixation vulnerability via Set-Cookie headers in 30x redirection responses
Solution: upgrade to >= 1.8.0

Name: rest-client
Version: 1.6.9
Advisory: CVE-2015-3448
Criticality: Unknown
URL: http://www.osvdb.org/show/osvdb/117461
Title: Rest-Client Gem for Ruby logs password information in plaintext
Solution: upgrade to >= 1.7.3

Related issues 3 (0 open3 closed)

Blocks Foreman - Feature #8289: use cloudinit user data in ovirt/rhev compute ressourceClosedKarim Boumedhel11/05/2014Actions
Blocked by Katello - Refactor #13699: update to rest-client 1.8.xRejected02/14/2016Actions
Blocks Packaging - Feature #14809: Build RPMs for Fedora 24ClosedDominic Cleal04/26/2016Actions
Actions
Copy link

Also available in: Atom PDF