Update Rails to 7.0.8.1 #2536

nickcharlton · 2024-02-27T14:59:27Z

This was carried out with: bundle update rails --patch, to fix:

Name: actionpack
Version: 7.0.7.2
CVE: CVE-2024-26143
Criticality: Unknown
URL: https://discuss.rubyonrails.org/t/possible-xss-vulnerability-in-action-controller/84947
Title: Possible XSS Vulnerability in Action Controller
Solution: upgrade to '~> 7.0.8, >= 7.0.8.1', '>= 7.1.3.1'

Name: activestorage
Version: 7.0.7.2
CVE: CVE-2024-26144
Criticality: Unknown
URL: https://discuss.rubyonrails.org/t/possible-sensitive-session-information-leak-in-active-storage/84945
Title: Possible Sensitive Session Information Leak in Active Storage
Solution: upgrade to '~> 6.1.7, >= 6.1.7.7', '>= 7.0.8.1'

Name: rack
Version: 2.2.8
CVE: CVE-2024-25126
Criticality: Unknown
URL: https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941
Title: Denial of Service Vulnerability in Rack Content-Type Parsing
Solution: upgrade to '~> 2.2.8, >= 2.2.8.1', '>= 3.0.9.1'

Name: rack
Version: 2.2.8
CVE: CVE-2024-26141
Criticality: Unknown
URL: https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944
Title: Possible DoS Vulnerability with Range Header in Rack
Solution: upgrade to '~> 2.2.8, >= 2.2.8.1', '>= 3.0.9.1'

Name: rack
Version: 2.2.8
CVE: CVE-2024-26146
Criticality: Unknown
URL: https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942
Title: Possible Denial of Service Vulnerability in Rack Header Parsing
Solution: upgrade to '~> 2.0.9, >= 2.0.9.4', '~> 2.1.4, >= 2.1.4.4', '~> 2.2.8, >= 2.2.8.1', '>= 3.0.9.1'

This was carried out with: `bundle update rails --patch`, to fix: Name: actionpack Version: 7.0.7.2 CVE: CVE-2024-26143 Criticality: Unknown URL: https://discuss.rubyonrails.org/t/possible-xss-vulnerability-in-action-controller/84947 Title: Possible XSS Vulnerability in Action Controller Solution: upgrade to '~> 7.0.8, >= 7.0.8.1', '>= 7.1.3.1' Name: activestorage Version: 7.0.7.2 CVE: CVE-2024-26144 Criticality: Unknown URL: https://discuss.rubyonrails.org/t/possible-sensitive-session-information-leak-in-active-storage/84945 Title: Possible Sensitive Session Information Leak in Active Storage Solution: upgrade to '~> 6.1.7, >= 6.1.7.7', '>= 7.0.8.1' Name: rack Version: 2.2.8 CVE: CVE-2024-25126 Criticality: Unknown URL: https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941 Title: Denial of Service Vulnerability in Rack Content-Type Parsing Solution: upgrade to '~> 2.2.8, >= 2.2.8.1', '>= 3.0.9.1' Name: rack Version: 2.2.8 CVE: CVE-2024-26141 Criticality: Unknown URL: https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944 Title: Possible DoS Vulnerability with Range Header in Rack Solution: upgrade to '~> 2.2.8, >= 2.2.8.1', '>= 3.0.9.1' Name: rack Version: 2.2.8 CVE: CVE-2024-26146 Criticality: Unknown URL: https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942 Title: Possible Denial of Service Vulnerability in Rack Header Parsing Solution: upgrade to '~> 2.0.9, >= 2.0.9.4', '~> 2.1.4, >= 2.1.4.4', '~> 2.2.8, >= 2.2.8.1', '>= 3.0.9.1'

nickcharlton · 2024-02-27T15:08:44Z

We're hitting #2523, occasionally here. But otherwise it's fine.

nickcharlton merged commit 1a87f21 into main Feb 27, 2024
9 of 10 checks passed

nickcharlton deleted the nc-upgrade-rails-to-7.0.8.1 branch February 27, 2024 15:08

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update Rails to 7.0.8.1 #2536

Update Rails to 7.0.8.1 #2536

nickcharlton commented Feb 27, 2024

nickcharlton commented Feb 27, 2024

Update Rails to 7.0.8.1 #2536

Update Rails to 7.0.8.1 #2536

Conversation

nickcharlton commented Feb 27, 2024

nickcharlton commented Feb 27, 2024