Defect #13131

closed

Rack Vulnerability

Added by Anonymous over 12 years ago. Updated over 12 years ago.

Status: Closed
Priority: High
Assignee: -
Category: Security
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Resolution: Invalid
Affected version:

Description

Rack recently reported a vulnerability: http://rack.github.com/

I'm running Redmine 2.2.2 and bundle show rack gives me 1.4.4. Is it necessary to upgrade the Rack version or is Redmine not affected by this?

Actions #1

Updated by Toshi MARUYAMA over 12 years ago

Redmine does not define a rack version in the Gemfile.
You need to run "bundle update".

Actions #2

Updated by Anonymous over 12 years ago

  • Status changed from New to Resolved

Sorry, you're right. I'm used to Gemfile.lock being in the repo but it's not here. Would an item on News be helpful to remind people to check?

Actions #3

Updated by Etienne Massip over 12 years ago

  • Status changed from Resolved to Closed
  • Resolution set to Invalid
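
Added example (not part of the thread and not Redmine's own code): because Gemfile.lock is generated locally rather than shipped in the repository, each installation has to check which rack version Bundler actually resolved. This Ruby sketch reads a lockfile and reports whether a gem is below a required minimum. The sample lockfile and `PLACEHOLDER_FLOOR` are constructed; take the real minimum version from the Rack advisory.

```ruby
require "rubygems"

# Constructed sample lockfile (not Redmine's); rack 1.4.4 matches the report above.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (3.2.11)
        rack (~> 1.4.0)
        rack-cache (~> 1.2)
      rack (1.4.4)
      rack-cache (1.2)
        rack (>= 0.4)

  PLATFORMS
    ruby

  DEPENDENCIES
    rails (= 3.2.11)
LOCK

# Constructed placeholder, not taken from the advisory: replace with the fixed version it names.
PLACEHOLDER_FLOOR = "1.4.5"

# Resolved gems sit at exactly four spaces of indentation under "specs:";
# their dependency constraints are indented six spaces and are skipped.
def resolved_versions(lock_text)
  lock_text.scan(/^ {4}(\S+) \(([^)]+)\)$/).each_with_object({}) do |(name, ver), out|
    # Drop a platform suffix such as "-x86_64-linux" before parsing the version.
    out[name] = Gem::Version.new(ver.split("-", 2).first)
  end
end

# Returns :ok, :below_floor, or :not_locked (gem absent from the lockfile).
def check_floor(lock_text, gem_name, floor)
  found = resolved_versions(lock_text)[gem_name]
  return :not_locked if found.nil?
  found >= Gem::Version.new(floor) ? :ok : :below_floor
end

if __FILE__ == $PROGRAM_NAME
  path = ARGV[0]
  text = path && File.file?(path) ? File.read(path) : SAMPLE_LOCK
  puts "rack: #{check_floor(text, 'rack', PLACEHOLDER_FLOOR)}"
end
```

Pass the path to an installation's Gemfile.lock as the first argument; a `:below_floor` result means "bundle update rack" is still needed on that host.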