Hi Abhijith, On Wed, May 06, 2026 at 12:11:59PM +0530, Abhijith PA wrote: > Hello security-team, > > I am currently preparing an upload for ruby-rack in bullseye LTS. I've > also prepared an update for trixie for ruby-rack[1] except > CVE-2026-26962[2]. I will do the same for bookworm too. ruby-rack is > listed in data/dsa-needed.txt, but the planned point releases are on > 16th May.
To me it is not clar at all why this should be only 3.2 onwards. Looking at the code in trixie, the same is there. What I have not tried explicitly is to run the test code. Can you please loop in the question to upstream and keep us on the loop for that? > So should I hand over for normal DSA or shall I do the SPU/OSPU since point > releases date are very close. This might be an option. Let's go over the open CVEs and decide then, the window for allowing updates into the point release will close this upcoming weekend. Regards, Salvatore
