Hello Jeremy,

Thanks for fixing CVE-2026-26962[1]. I am working on backporting those to
our ruby-rack packages. While going through CVE-2026-26962
advisory[2], it explicitly mention that affected only in 3.2.x (fixed
in 3.2.6) versions.

Can you give a brief clarification on why it is not affecting other
supported stable release 3.1.x and 2.2.x .

Thanks in advance. 

--abhijith

[1] - https://www.cve.org/CVERecord?id=CVE-2026-26962
[2] - https://github.com/rack/rack/security/advisories/GHSA-rx22-g9mx-qrhv

Reply via email to