On 30/01/23 at 18:59 +0100, Moritz Mühlenhoff wrote: > Source: rails > X-Debbugs-CC: [email protected] > Severity: grave > Tags: security > > Hi, > > The following vulnerabilities were published for rails.
Hi, I think that a reasonable way forward on this bug would be to upgrade rails to version 6.1.7.3. The changelogs for the versions between the current version in testing (6.1.7) and 6.1.7.3 are: https://github.com/rails/rails/releases/tag/v6.1.7.1 https://github.com/rails/rails/releases/tag/v6.1.7.2 https://github.com/rails/rails/releases/tag/v6.1.7.3 The changes are only security fixes. Also, since there are extensive tests for reverse-deps, it would probably be reasonably safe to push that change, even at this stage of the release cycle. Comments? Lucas
