diff --git a/Gemfile b/Gemfile
index 1234622a..671d6702 100644
--- a/Gemfile
+++ b/Gemfile
@@ -3,6 +3,9 @@ source 'http://rubygems.org'
 gem 'rails', '3.0.20'
 #gem 'sqlite3-ruby', '~> 1.3.1', :require => 'sqlite3'
 
+# https://groups.google.com/d/topic/rubyonrails-security/4_YvCpLzL58/discussion
+gem 'json', '~> 1.7.7'
+
 gem 'compass', '~> 0.10.1'
 gem 'haml', '~> 3.0.18'
 gem 'rdiscount', '~> 1.6.5'
diff --git a/Gemfile.lock b/Gemfile.lock
index e0067554..b9c1331f 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -155,7 +155,7 @@ GEM
     jammit (0.5.4)
       closure-compiler (>= 0.1.0)
       yui-compressor (>= 0.9.1)
-    json (1.7.6)
+    json (1.7.7)
     mail (2.2.19)
       activesupport (>= 2.3.6)
       i18n (>= 0.4.0)
@@ -296,6 +296,7 @@ DEPENDENCIES
   hoptoad_notifier
   http_accept_language!
   jammit (~> 0.5.3)
+  json (~> 1.7.7)
   memcache-client (~> 1.8.5)
   mini_magick (~> 3.4)
   msgpack (~> 0.4.3)
diff --git a/vendor/cache/json-1.7.6.gem b/vendor/cache/json-1.7.6.gem
deleted file mode 100644
index 97a31710..00000000
Binary files a/vendor/cache/json-1.7.6.gem and /dev/null differ
diff --git a/vendor/cache/json-1.7.7.gem b/vendor/cache/json-1.7.7.gem
new file mode 100644
index 00000000..db6f006f
Binary files /dev/null and b/vendor/cache/json-1.7.7.gem differ