Multiple vulnerabilities found on Ruby on Rails

Added by Emmanuel Belair 2 months ago

Following the vulnerabilities in Rails affecting versions < 6.1.7.7, do we have to worry?
I've updated Redmine to 5.1.1 using the official docker image. After the update, the version of Rails is 6.1.7.6.
So is there a plan to update the docker image and use Rails v6.1.7.7?


Replies (2)

RE: Multiple vulnerabilities found on Ruby on Rails - Added by Marius BĂLTEANU 2 months ago

Thanks for reporting these vulnerability issues!

From what I see, only CVE-2024-26144 applies to Rails version 6.1.7.6, which is used by the latest Redmine versions. The issue affects Active Storage, which is not used by Redmine, but I'm going to update the Rails version to 6.1.7.7 in #40319. The new versions will be released soon.
