Hello Jeremy, Thanks for fixing CVE-2026-26962[1]. I am working on backporting those to our ruby-rack packages. While going through CVE-2026-26962 advisory[2], it explicitly mention that affected only in 3.2.x (fixed in 3.2.6) versions.
Can you give a brief clarification on why it is not affecting other supported stable release 3.1.x and 2.2.x . Thanks in advance. --abhijith [1] - https://www.cve.org/CVERecord?id=CVE-2026-26962 [2] - https://github.com/rack/rack/security/advisories/GHSA-rx22-g9mx-qrhv
