Public bug reported: Ubuntu: 2.1.0-1 Debian Unstable: 2.1.0-1
A new release of ruby-rack-session is available for merging from Upstream. Getting this version to Ubuntu was a requirement of the package's MIR: https://bugs.launchpad.net/ubuntu/+source/ruby-rack-session/+bug/2106774 Ideally this would come to Debian and then synced to Ubuntu, but Debian is now on a Hard Freeze. We will go ahead of Debian for now. When the package lands in Unstable, then it'll be in sync again. Upstream changes from version 2.1.0: ## v2.1.1 - Prevent `Rack::Session::Pool` from recreating deleted sessions [CVE-2025-46336](https://github.com/rack/rack-session/security/advisories/GHSA-9j94-67jr-4cqj). ** Affects: ruby-rack-session (Ubuntu) Importance: Undecided Status: New ** Summary changed: - Merge ruby-rack-session from Upstream for questing + Bring ruby-rack-session v2.1.1 from Upstream for questing -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2113856 Title: Bring ruby-rack-session v2.1.1 from Upstream for questing To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ruby-rack-session/+bug/2113856/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
