From 9ee792018571c131d55c237ac9cea3f81883fa16 Mon Sep 17 00:00:00 2001
From: Joe Rafaniello <jrafanie@redhat.com>
Date: Tue, 19 May 2020 13:38:19 -0400
Subject: [PATCH] Update ui-classic to match manageiq rails version

Note, ui-classic can't run without manageiq but we're updating it to be consistent.

From:
https://github.com/ManageIQ/manageiq/pull/20188

[CVE-2020-8162] Circumvention of file size limits in ActiveStorage
[CVE-2020-8164] Possible Strong Parameters Bypass in ActionPack
[CVE-2020-8165] Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
[CVE-2020-8166] Ability to forge per-form CSRF tokens given a global CSRF token
[CVE-2020-8167] CSRF Vulnerability in rails-ujs

https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/
---
 manageiq-ui-classic.gemspec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manageiq-ui-classic.gemspec b/manageiq-ui-classic.gemspec
index 8738d1e4aaa..632d42b4f85 100644
--- a/manageiq-ui-classic.gemspec
+++ b/manageiq-ui-classic.gemspec
@@ -19,7 +19,7 @@ Gem::Specification.new do |s|
   s.executables   = s.files.grep(%r{^exe/}) { |f| File.basename(f) }
   s.require_paths = ["lib"]
 
-  s.add_dependency "rails", "~>5.2.4"
+  s.add_dependency "rails", "~>5.2.4", ">=5.2.4.3"
 
   s.add_dependency "coffee-rails"
   s.add_dependency "font-fabulous", "~> 1.0.5"