Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

sgupta/upgrade rails to 6.1.7.7 #11

Open
wants to merge 72 commits into
base: master
Choose a base branch
from

Conversation

shubhiguptaa
Copy link

This PR is to fix the following:

There is a possible sensitive session information leak in Active Storage. This vulnerability has been assigned the CVE identifier CVE-2024-26144.

Versions Affected: >= 5.2.0, < 7.1.0 Not affected: < 5.2.0, >= 7.1.0 Fixed Versions: 7.0.8.1, 6.1.7.7

More details:
https://discuss.rubyonrails.org/t/possible-sensitive-session-information-leak-in-active-storage/84945

Rails has also announced possible denial of service security vulnerabilities in the content type parsing component of Rack, in the header parsing routines, and range header in rack, this is affecting the version of rack we are using. CVE-2024-25126, CVE-2024-26146 and CVE-2024-26141

The vulnerability was fixed in the versions: 2.2.8.1, 3.0.9.1

Read more :
https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941 https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942 https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944/1

DZittersteyn and others added 30 commits January 26, 2018 11:03
Merge hackday improvements into our company fork
Extension updates from my own repo
It feels odd when saving a new link. The Save button should be on the right side of the form: this fixes that.
Bumps [sprockets](http://getsprockets.org/) from 3.7.1 to 3.7.2.

Signed-off-by: dependabot[bot] <[email protected]>
…ass-3.4.1

Bump bootstrap-sass from 3.3.7 to 3.4.1
…anitizer-1.2.0

Bump rails-html-sanitizer from 1.0.3 to 1.2.0
…10.8

Bump nokogiri from 1.10.5 to 1.10.8
tomdev and others added 30 commits March 15, 2021 11:28
Update mimemagic to 0.3.10 version
Bumps [puma](https://github.com/puma/puma) from 5.3.1 to 5.6.4.
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](puma/puma@v5.3.1...v5.6.4)

---
updated-dependencies:
- dependency-name: puma
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [rack](https://github.com/rack/rack) from 2.2.3 to 2.2.3.1.
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md)
- [Commits](rack/rack@2.2.3...2.2.3.1)

---
updated-dependencies:
- dependency-name: rack
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Upgrading for Ruby 3.2 Compatibility
Add missing app/assets/config/manifest.js
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

8 participants