Project

General

Profile

Actions
Copy link

Patch #36757

closed

Update Rails to 5.2.6.3

Added by Vincent Robert about 2 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Go MAEDA
Category:
Rails support
Target version:
4.1.7
Start date:
Due date:
% Done:

0%

Estimated time:

Description

A new security release is available, and we should upgrade to Rails 5.2.6.3.
https://rubyonrails.org/2022/3/8/Rails-7-0-2-3-6-1-4-7-6-0-4-7-and-5-2-6-3-have-been-released

This release addresses CVE-2022-21831. A detailed explanation is available here: https://discuss.rubyonrails.org/t/cve-2022-21831-possible-code-injection-vulnerability-in-rails-active-storage/80199

Actions
Copy link
 #1

Updated by Marius BÄ‚LTEANU about 2 years ago

Thanks!

We will do the update, but that component is not used in Redmine.

Actions
Copy link
 #2

Updated by Go MAEDA about 2 years ago

  • Target version set to 4.1.7
Actions
Copy link
 #3

Updated by Go MAEDA about 2 years ago

  • Status changed from New to Closed
  • Assignee set to Go MAEDA

Updated Rails. Thank you for reporting this.

Actions
Copy link

Also available in: Atom PDF