Portus 2.3 security releases
As you have probably noticed, some weeks ago we released 2.3.1, and today we just released 2.3.2. These releases tackle two CVEs affecting a couple of dependencies from Portus:
- CVE-2018-8048:
which affects the
loofah
gem. - CVE-2018-3741:
which affects the
rails-html-sanitizer
gem.
These releases are just about upgrading these two gems to secure versions: there are no code changes.
The Docker image
The 2.3
and the latest
tags from the official Docker
image are already pointing to the
2.3.2 release, so a simple docker pull
should get you covered.