bump Rails to fix CVE-2014-7818

Changelog.md

@@ -1,3 +1,7 @@
+# 0.4.1.2
+
+* Update Rails, fixes [CVE-2014-7818](https://groups.google.com/forum/#!topic/rubyonrails-security/dCp7duBiQgo).
+
 # 0.4.1.1
 
 * Fix XSS issue in poll questions [#5274](https://github.com/diaspora/diaspora/issues/5274)

Gemfile

@@ -1,6 +1,6 @@
 source 'https://rubygems.org'
 
-gem 'rails', '3.2.19'
+gem 'rails', '3.2.20'
 
 # Appserver
 

Gemfile.lock

@@ -1,33 +1,33 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    actionmailer (3.2.19)
-      actionpack (= 3.2.19)
+    actionmailer (3.2.20)
+      actionpack (= 3.2.20)
       mail (~> 2.5.4)
-    actionpack (3.2.19)
-      activemodel (= 3.2.19)
-      activesupport (= 3.2.19)
+    actionpack (3.2.20)
+      activemodel (= 3.2.20)
+      activesupport (= 3.2.20)
       builder (~> 3.0.0)
       erubis (~> 2.7.0)
       journey (~> 1.0.4)
       rack (~> 1.4.5)
       rack-cache (~> 1.2)
       rack-test (~> 0.6.1)
       sprockets (~> 2.2.1)
-    activemodel (3.2.19)
-      activesupport (= 3.2.19)
+    activemodel (3.2.20)
+      activesupport (= 3.2.20)
       builder (~> 3.0.0)
-    activerecord (3.2.19)
-      activemodel (= 3.2.19)
-      activesupport (= 3.2.19)
+    activerecord (3.2.20)
+      activemodel (= 3.2.20)
+      activesupport (= 3.2.20)
       arel (~> 3.0.2)
       tzinfo (~> 0.3.29)
     activerecord-import (0.3.1)
       activerecord (~> 3.0)
-    activeresource (3.2.19)
-      activemodel (= 3.2.19)
-      activesupport (= 3.2.19)
-    activesupport (3.2.19)
+    activeresource (3.2.20)
+      activemodel (= 3.2.20)
+      activesupport (= 3.2.20)
+    activesupport (3.2.20)
       i18n (~> 0.6, >= 0.6.4)
       multi_json (~> 1.0)
     acts-as-taggable-on (3.2.6)
@@ -202,7 +202,7 @@ GEM
     hashie (2.1.1)
     hike (1.2.3)
     http_accept_language (1.0.2)
-    i18n (0.6.9)
+    i18n (0.6.11)
     i18n-inflector (2.6.7)
       i18n (>= 0.4.1)
     i18n-inflector-rails (1.0.7)
@@ -317,14 +317,14 @@ GEM
       rack
     rack-test (0.6.2)
       rack (>= 1.0)
-    rails (3.2.19)
-      actionmailer (= 3.2.19)
-      actionpack (= 3.2.19)
-      activerecord (= 3.2.19)
-      activeresource (= 3.2.19)
-      activesupport (= 3.2.19)
+    rails (3.2.20)
+      actionmailer (= 3.2.20)
+      actionpack (= 3.2.20)
+      activerecord (= 3.2.20)
+      activeresource (= 3.2.20)
+      activesupport (= 3.2.20)
       bundler (~> 1.0)
-      railties (= 3.2.19)
+      railties (= 3.2.20)
     rails-i18n (0.7.4)
       i18n (~> 0.5)
     rails-timeago (2.4.0)
@@ -347,9 +347,9 @@ GEM
       sass-rails (~> 3.1)
     rails_autolink (1.1.5)
       rails (> 3.1)
-    railties (3.2.19)
-      actionpack (= 3.2.19)
-      activesupport (= 3.2.19)
+    railties (3.2.20)
+      actionpack (= 3.2.20)
+      activesupport (= 3.2.20)
       rack-ssl (~> 1.3.2)
       rake (>= 0.8.7)
       rdoc (~> 3.4)
@@ -415,7 +415,7 @@ GEM
       railties (>= 3.1)
     slop (3.5.0)
     spork (1.0.0rc4)
-    sprockets (2.2.2)
+    sprockets (2.2.3)
       hike (~> 1.2)
       multi_json (~> 1.0)
       rack (~> 1.0)
@@ -442,7 +442,7 @@ GEM
       simple_oauth (~> 0.2)
     typhoeus (0.6.8)
       ethon (>= 0.7.0)
-    tzinfo (0.3.39)
+    tzinfo (0.3.42)
     uglifier (2.5.0)
       execjs (>= 0.3.0)
       json (>= 1.8.0)
@@ -523,7 +523,7 @@ DEPENDENCIES
   rack-protection (= 1.2)
   rack-rewrite (= 1.5.0)
   rack-ssl (= 1.3.3)
-  rails (= 3.2.19)
+  rails (= 3.2.20)
   rails-i18n (= 0.7.4)
   rails-timeago (= 2.4.0)
   rails_admin (= 0.4.9)

config/defaults.yml

@@ -4,7 +4,7 @@
 
 defaults:
   version:
-    number: "0.4.1.1" # Do not touch unless doing a release, do not backport the version number that's in master but keep develop to always say "head"
+    number: "0.4.1.2" # Do not touch unless doing a release, do not backport the version number that's in master but keep develop to always say "head"
   heroku: false
   environment:
     url: "http://localhost:3000/"