Multiple vulnerabilities found on Ruby on Rails
Added by Emmanuel Belair 9 months ago
Following the vulnerabilities in Rails affecting versions < 6.1.7.7, do we have to worry?
I've updated Redmine to 5.1.1 using the official docker image. After the update, the version of Rails is 6.1.7.6.
So is there a plan to update the docker image and use Rails v6.1.7.7?
Replies (2)
RE: Multiple vulnerabilities found on Ruby on Rails - Added by Marius BĂLTEANU 9 months ago
Thanks for reporting these vulnerability issues!
From what I see, only CVE-2024-26144 applies to Rails version 6.1.7.6, which is used by the latest Redmine versions. The issue affects Active Storage, which is not used by Redmine, but I'm going to update the Rails version to 6.1.7.7 in #40319. The new versions will be released soon.
RE: Multiple vulnerabilities found on Ruby on Rails - Added by Emmanuel Belair 9 months ago
Great! Thank you!