Ruby on Rails Monday, November 5, 2018

Hi everyone,

Rack versions 1.6.11 and 2.0.6 have been released. Both of these releases
contain important security fixes, and you should upgrade!

Rack version 1.6.11 contains fixes for:

* [CVE-2018-16470] Possible DoS vulnerability in Rack
* [CVE-2018-16471] Possible XSS vulnerability in Rack

Rack version 2.0.6 contains a fix for:

* [CVE-2018-16470] Possible DoS vulnerability in Rack

The gem checksums are:

```
$ sha1sum *
64a0cd32f46c0ff44ffda4055048fe6309903110 rack-1.6.11.gem
b15267e1f94e69238a00a6f1bd48fb7683c03a78 rack-2.0.6.gem
```

You can read more about CVE-2018-16470 here:

https://groups.google.com/forum/#!topic/ruby-security-ann/Dz4sRl-ktKk

You can read more about CVE-2018-16471 here:

https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o

Thanks for reading and have a good day!

--
Aaron Patterson
http://tenderlovemaking.com/
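
To check whether an application is already on one of the releases named above, the resolved Rack version can be read from its `Gemfile.lock`. The script below is an added example, not part of the original announcement or of Rack itself; the lockfile content, the helper names and the status symbols are constructed for illustration, and it only compares against the two releases listed in this message.

```ruby
require "rubygems" # Gem::Version (loaded by default, required here for clarity)

# Fixed releases named in the announcement, keyed by release line.
FIXED_RELEASES = {
  "1.6" => Gem::Version.new("1.6.11"),
  "2.0" => Gem::Version.new("2.0.6"),
}.freeze

# Constructed sample lockfile (not from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (2.0.5)
      rack-test (1.1.0)
        rack (>= 1.0, < 3)

  DEPENDENCIES
    rack
LOCK

# Resolved gems sit under "specs:" indented by exactly four spaces.
# Six-space lines are dependency constraints, and "rack-test" style
# names do not match because a space must follow "rack".
def locked_rack_version(lockfile_text)
  m = lockfile_text.match(/^ {4}rack \(([^)]+)\)$/)
  m && Gem::Version.new(m[1])
end

# Returns :needs_upgrade when the locked version predates the fixed
# release on its own release line, :has_fixes when it does not,
# :other_release_line for lines this announcement does not mention,
# and :rack_not_locked when no resolved rack entry is present.
def rack_status(lockfile_text)
  version = locked_rack_version(lockfile_text)
  return :rack_not_locked unless version

  release_line = version.segments.first(2).join(".")
  fixed = FIXED_RELEASES[release_line]
  return :other_release_line unless fixed

  version < fixed ? :needs_upgrade : :has_fixes
end

puts "rack #{locked_rack_version(SAMPLE_LOCK)}: #{rack_status(SAMPLE_LOCK)}"
```

Pass `File.read("Gemfile.lock")` instead of the sample to check a real project.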
