Project

General

Profile

Actions
Copy link

Defect #13131

closed

Rack Vulnerability

Added by Anonymous over 12 years ago. Updated over 12 years ago.

Status:
Closed
Priority:
High
Assignee:
-
Category:
Security
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Invalid
Affected version:
2.2.2

Description

Rack recently reported a vulnerability: http://rack.github.com/

I'm running Redmine 2.2.2 and bundle show rack gives me 1.4.4. Is it necessary to upgrade the Rack version or is Redmine not affected by this?

Actions
Copy link
 #1

Updated by Toshi MARUYAMA over 12 years ago

Redmine does not define rack version in Gemfile.
You need to run "bundle update".

Actions
Copy link
 #2

Updated by Anonymous over 12 years ago

  • Status changed from New to Resolved

Sorry you're right. I'm used to Gemfile.lock being in the repo but it's not here. Would an item on News be helpful to remind people to check?

Actions
Copy link
 #3

Updated by Etienne Massip over 12 years ago

  • Status changed from Resolved to Closed
  • Resolution set to Invalid
Actions
Copy link

Also available in: Atom PDF