Patch #36757

Update Rails to 5.2.6.3

Added by Vincent Robert 5 months ago. Updated 5 months ago.

Status:ClosedStart date:
Priority:NormalDue date:
Assignee:Go MAEDA% Done:

0%

Category:Rails support
Target version:4.1.7

Description

A new security release is available, and we should upgrade to Rails 5.2.6.3.
https://rubyonrails.org/2022/3/8/Rails-7-0-2-3-6-1-4-7-6-0-4-7-and-5-2-6-3-have-been-released

This release addresses CVE-2022-21831. A detailed explanation is available here: https://discuss.rubyonrails.org/t/cve-2022-21831-possible-code-injection-vulnerability-in-rails-active-storage/80199

Associated revisions

Revision 21454
Added by Go MAEDA 5 months ago

Update Rails to 5.2.6.3 (#36757).

Revision 21455
Added by Go MAEDA 5 months ago

Update Rails to 5.2.6.3 (#36757).

History

#1 Updated by Marius BALTEANU 5 months ago

Thanks!

We will do the update, but that component is not used in Redmine.

#2 Updated by Go MAEDA 5 months ago

  • Target version set to 4.1.7

#3 Updated by Go MAEDA 5 months ago

  • Status changed from New to Closed
  • Assignee set to Go MAEDA

Updated Rails. Thank you for reporting this.

Also available in: Atom PDF