Upgrade Rails to 7.0.2.2 and Puma to 5.6.2 to fix this CVE:

* https://rubyonrails.org/2022/2/11/Rails-7-0-2-2-6-1-4-6-6-0-4-6-and-5-2-6-2-have-been-released
* https://github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9
* https://discuss.rubyonrails.org/t/cve-2022-23633-possible-exposure-of-information-vulnerability-in-action-pack/80016

This fixes a bug in Puma <5.6.2 that caused ActiveSupport::CurrentAttributes to not be reset between requests in certain cases, which could allow state to be leaked between requests.