Release 4.1.2

.travis.yml

@@ -1,11 +1,12 @@
 rvm:
-  - 2.0.0
   - 2.1.0
   - 2.1.1
   - 2.2.2
   - 2.3.0
   - 2.4.0
-  - jruby-19mode
+  - jruby-9.1.8.0
+jdk:
+  - oraclejdk8
 before_install:
  - sudo apt-get update
  - sudo apt-get install libicu-dev

HISTORY.md

@@ -1,3 +1,7 @@
+# 4.1.2 /2017-08-07
+
+* Lock to a newer version of gollum-lib to avoid installing an outdated and vulnerable dependency (nokogiri) on ruby 2.0. See https://github.com/gollum/gollum-lib/pull/279. Note: this breaks semantic versioning so those using outdated rubies will discover the problem on update.
+
 # 4.1.0 /2017-03-09
 
 * Added file deletion functionality to file view

gollum.gemspec

@@ -5,8 +5,8 @@ Gem::Specification.new do |s|
   s.required_ruby_version = '>= 1.9'
 
   s.name              = 'gollum'
-  s.version           = '4.1.1'
-  s.date              = '2017-04-17'
+  s.version           = '4.1.2'
+  s.date              = '2017-08-07'
   s.rubyforge_project = 'gollum'
   s.license           = 'MIT'
 
@@ -24,7 +24,7 @@ Gem::Specification.new do |s|
   s.rdoc_options = ['--charset=UTF-8']
   s.extra_rdoc_files = %w[README.md LICENSE]
 
-  s.add_dependency 'gollum-lib', '~> 4.0', '>= 4.0.1'
+  s.add_dependency 'gollum-lib', '>= 4.2.7'
   s.add_dependency 'kramdown', '~> 1.9.0'
   s.add_dependency 'sinatra', '~> 1.4', '>= 1.4.4'
   s.add_dependency 'mustache', ['>= 0.99.5', '< 1.0.0']

lib/gollum.rb

@@ -16,7 +16,7 @@ require File.expand_path('../gollum/uri_encode_component', __FILE__)
 $KCODE = 'U' if RUBY_VERSION[0, 3] == '1.8'
 
 module Gollum
-  VERSION = '4.1.1'
+  VERSION = '4.1.2'
 
   def self.assets_path
     ::File.expand_path('gollum/public', ::File.dirname(__FILE__))