Remove rubyzip 1.2.1

Name: rubyzip
Version: 1.2.1
Advisory: CVE-2018-1000544
Criticality: Unknown
URL: https://github.com/rubyzip/rubyzip/issues/369
Title: Directory Traversal in rubyzip
Solution: remove or disable this gem until a patch is available!

As of Aug 28, 2018 there's no patch for this vulnerability. The gem is used only by selenium-webdriver, which is a test-only dependency (for AO3-4787), so we can remove both rubyzip and selenium-webdriver for now.

How to test: none, it's just tests.

Status:
Assignee: redsummernight
Reporter: redsummernight
Roadmap: Misc
Priority: Medium
Affects versions: 0.9.220
Fix versions:
Components: AutomatedTests
Difficulty: Medium
Epic Link:
Milestone: Internal 0.9
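
The ticket's statement that rubyzip is pulled in only by selenium-webdriver can be confirmed from Gemfile.lock before either gem is removed. The script below is an added example, not part of the original ticket or the project's code; the sample lockfile is constructed (only rubyzip 1.2.1 comes from the ticket) and the helper names `parse_lock` and `pulled_in_by` are assumptions.

```ruby
require "set"

# Constructed sample lockfile; only "rubyzip (1.2.1)" is taken from the ticket,
# the other gems and versions are illustrative.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      childprocess (0.9.0)
        ffi (~> 1.0, >= 1.0.11)
      ffi (1.9.25)
      rake (12.3.1)
      rubyzip (1.2.1)
      selenium-webdriver (3.14.0)
        childprocess (~> 0.5)
        rubyzip (~> 1.2)

  PLATFORMS
    ruby

  DEPENDENCIES
    rake
    selenium-webdriver
LOCK

SPEC_SECTIONS = %w[GEM GIT PATH].freeze

# Returns [specs, direct]: specs maps each resolved gem to the names it depends
# on; direct lists the gems named in the Gemfile (the DEPENDENCIES section).
def parse_lock(text)
  specs, direct, section, current = {}, [], nil, nil
  text.each_line do |line|
    case line
    when /\A(\S.*)$/ then section, current = $1.strip, nil  # section header
    when /\A {4}(\S+) \(/                                   # "    name (1.2.3)"
      specs[current = $1] = [] if SPEC_SECTIONS.include?(section)
    when /\A {6}(\S+)/                                      # "      dep (~> 1.0)"
      specs[current] << $1 if SPEC_SECTIONS.include?(section) && current
    when /\A {2}(\S+)/                                      # "  name" in DEPENDENCIES
      direct << $1.delete("!") if section == "DEPENDENCIES"
    end
  end
  [specs, direct]
end

# Walks the reverse dependency graph from target up to the Gemfile entries.
def pulled_in_by(text, target)
  specs, direct = parse_lock(text)
  seen, queue = Set[target], [target]
  until queue.empty?
    wanted = queue.shift
    specs.each { |name, deps| queue << name if deps.include?(wanted) && seen.add?(name) }
  end
  { dependents: (seen - [target]).to_a.sort, gemfile_entries: (seen & direct).to_a.sort }
end

p pulled_in_by(SAMPLE_LOCK, "rubyzip") if __FILE__ == $PROGRAM_NAME
```

If `gemfile_entries` lists anything besides the gems slated for removal, the vulnerable gem would still be resolved after the change.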