This repository has been archived by the owner on Nov 27, 2018. It is now read-only.

mail gem version upgrade in gemspec #137

Open
mearleycf opened this issue Mar 16, 2016 · 1 comment

Comments

@mearleycf

I'm getting the following error:

Bundler could not find compatible versions for gem "mail":
  In Gemfile:
    mail (~> 2.6.0)

    rails (~> 3.2.22.1) was resolved to 3.2.22.1, which depends on
      actionmailer (= 3.2.22.1) was resolved to 3.2.22.1, which depends on
        mail (~> 2.5.4)

    mailman (~> 0.5.1) was resolved to 0.5.1, which depends on
      mail (>= 2.0.3)

The reason I need to upgrade is that Mail, in versions below 2.6.0, has an SMTP injection vulnerability.

@schmidt

schmidt commented Mar 25, 2016

I have just created a sample Gemfile with nothing else in there but

source "https://rubygems.org"

gem "mailman"

which installs mailman 0.7.3 and mail 2.6.4. Only after adding gem "rails", "3.2.22.2" to the Gemfile is the older mail gem used. Judging by the contents of my Gemfile.lock and also the output you provided, this is due to a dependency of actionmailer on mail ~> 2.5.4, which only allows mail versions lower than 2.6 and greater than or equal to 2.5.4.

So in order to fix your problem, you would need to update to rails 4. I don't think there is anything that mailman could do.
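The version conflict discussed in this thread can be reproduced with RubyGems' own requirement classes. The following is an added example, not code from either commenter or from the mailman project; the constraints are copied from the Bundler output above, while the candidate version list and the helper names `blockers` and `resolvable` are constructed for illustration.

```ruby
require "rubygems"

# Requirements on "mail", copied from the Bundler output in the issue.
MAIL_CONSTRAINTS = {
  "Gemfile"               => "~> 2.6.0",
  "actionmailer 3.2.22.1" => "~> 2.5.4",
  "mailman 0.5.1"         => ">= 2.0.3",
}.freeze

# Constructed sample of candidate versions (not a list of real mail releases).
CANDIDATES = %w[2.0.3 2.5.4 2.5.9 2.6.0 2.6.4 2.7.0].freeze

# Threshold named by the issue reporter: versions below it are to be avoided.
FIXED_FLOOR = Gem::Version.new("2.6.0")

# Names of the requirers whose constraint rejects the given version.
def blockers(version, constraints = MAIL_CONSTRAINTS)
  v = Gem::Version.new(version)
  constraints.reject { |_, req| Gem::Requirement.new(req).satisfied_by?(v) }.keys
end

# Candidate versions accepted by every constraint.
def resolvable(candidates = CANDIDATES, constraints = MAIL_CONSTRAINTS)
  candidates.select { |c| blockers(c, constraints).empty? }
end

# Show, per candidate, who rejects it and whether it is below the threshold.
CANDIDATES.each do |c|
  rejected_by = blockers(c)
  status = rejected_by.empty? ? "ok" : "rejected by #{rejected_by.join(', ')}"
  floor  = Gem::Version.new(c) < FIXED_FLOOR ? "below 2.6.0" : "2.6.0 or later"
  puts format("mail %-6s %-15s %s", c, floor, status)
end

puts "Resolvable with all three constraints: #{resolvable.inspect}"

# Dropping the Gemfile pin shows what Rails 3.2 alone will accept.
rails_only = MAIL_CONSTRAINTS.reject { |name, _| name == "Gemfile" }
puts "Resolvable without the Gemfile pin:    #{resolvable(CANDIDATES, rails_only).inspect}"
```

With the Gemfile pin in place no candidate satisfies every requirement, and without it every accepted candidate is below 2.6.0, which matches the conclusion that the actionmailer dependency is the limiting factor.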
