From 1c119dd7928ddd3e6ee15c1fdd89cfe050b90125 Mon Sep 17 00:00:00 2001
From: Blake
Date: Fri, 5 Jun 2020 11:47:55 -0700
Subject: [PATCH 1/3] Update websocket-extensions to address CVE-2020-7663

See the CVE [here](https://nvd.nist.gov/vuln/detail/CVE-2020-7663). The fix is just to bump the version.
---
 websocket-driver.gemspec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/websocket-driver.gemspec b/websocket-driver.gemspec
index cf1def0..a549844 100644
--- a/websocket-driver.gemspec
+++ b/websocket-driver.gemspec
@@ -24,7 +24,7 @@ Gem::Specification.new do |s|
 s.files = files
- s.add_dependency 'websocket-extensions', '>= 0.1.0'
+ s.add_dependency 'websocket-extensions', '>= 0.1.5'
 s.add_development_dependency 'eventmachine'
 s.add_development_dependency 'permessage_deflate'

From 1ef88a409508888c943822ba5d5ff7fc2d5ea6f2 Mon Sep 17 00:00:00 2001
From: Blake
Date: Fri, 5 Jun 2020 11:56:39 -0700
Subject: [PATCH 2/3] Update the Changelog

---
 CHANGELOG.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6476f58..db2d621 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,7 @@
+### 0.7.2.1 / 2020-06-05
+
+- Bump websocket-extensions dependency to 0.15 to address CVE-2020-7663
+
 ### 0.7.2 / 2020-05-22
 - Emit `ping` and `pong` events from the `Server` driver

From 247afbb572e7b78c031c35c14abb9a529f91e16c Mon Sep 17 00:00:00 2001
From: Blake
Date: Fri, 5 Jun 2020 11:57:15 -0700
Subject: [PATCH 3/3] Bump the version in the gemspec to reflect new patch.

---
 websocket-driver.gemspec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/websocket-driver.gemspec b/websocket-driver.gemspec
index a549844..69073ea 100644
--- a/websocket-driver.gemspec
+++ b/websocket-driver.gemspec
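Review bot: The new floor `'>= 0.1.5'` on the `s.add_dependency 'websocket-extensions'` line in patch 1/3 has no in-file explanation, so a later cleanup could relax it without realising it is a security minimum; add a comment above it such as `# Security floor: websocket-extensions releases before 0.1.5 are affected by CVE-2020-7663; do not lower.` The constraint only protects consumers who pick up this websocket-driver release: an application whose lockfile keeps an older websocket-driver and websocket-extensions stays exposed until it updates, which is worth stating in the release notes. The changelog entry added in patch 2/3 gives the version as `0.15`, which does not match the `0.1.5` set here and should read `0.1.5`. The `Gem::Specification` block starts and ends outside this hunk.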
@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
 s.name = 'websocket-driver'
- s.version = '0.7.2'
+ s.version = '0.7.2.1'
 s.summary = 'WebSocket protocol handler with pluggable I/O'
 s.author = 'James Coglan'
 s.email = 'jcoglan@gmail.com'