[ANN] Rack versions 1.6.11 and 2.0.6 have been released!


Aaron Patterson-5
Hi everyone,

Rack versions 1.6.11 and 2.0.6 have been released.  Both of these releases
contain important security fixes, and you should upgrade!

Rack version 1.6.11 contains fixes for:

* [CVE-2018-16470] Possible DoS vulnerability in Rack
* [CVE-2018-16471] Possible XSS vulnerability in Rack

Rack version 2.0.6 contains a fix for:

* [CVE-2018-16470] Possible DoS vulnerability in Rack

The gem checksums are:

```
$ sha1sum *
64a0cd32f46c0ff44ffda4055048fe6309903110  rack-1.6.11.gem
b15267e1f94e69238a00a6f1bd48fb7683c03a78  rack-2.0.6.gem
```

You can read more about CVE-2018-16470 here:

  https://groups.google.com/forum/#!topic/ruby-security-ann/Dz4sRl-ktKk

You can read more about CVE-2018-16471 here:

  https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o

Thanks for reading and have a good day!

--
Aaron Patterson
http://tenderlovemaking.com/

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
Visit this group at https://groups.google.com/group/rubyonrails-core.
For more options, visit https://groups.google.com/d/optout.
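
To check fetched gem files against the checksums listed in the announcement above, one option is the Ruby script below. It is an added example, not part of the original message or of the Rack project; the function names and the directory argument are assumptions.

```ruby
require "digest"

# Checksum lines copied from the announcement (sha1sum output format).
ANNOUNCED = <<~SUMS
  64a0cd32f46c0ff44ffda4055048fe6309903110  rack-1.6.11.gem
  b15267e1f94e69238a00a6f1bd48fb7683c03a78  rack-2.0.6.gem
SUMS

# Parse sha1sum-style lines ("<40 hex>  <name>" or "<40 hex> *<name>")
# into { filename => lowercase hex digest }. Malformed lines raise.
def parse_sha1sums(text)
  text.each_line.map(&:chomp).reject(&:empty?).to_h do |line|
    m = line.match(/\A(\h{40}) [ *](.+)\z/)
    raise ArgumentError, "malformed checksum line: #{line.inspect}" unless m
    [m[2], m[1].downcase]
  end
end

# Compare each expected file under dir with its announced digest.
# Returns { filename => :ok | :mismatch | :missing }.
def verify_gems(dir, expected)
  expected.to_h do |name, digest|
    # basename keeps the lookup inside dir even if a name contains "../"
    path = File.join(dir, File.basename(name))
    status =
      if !File.file?(path) then :missing
      elsif Digest::SHA1.file(path).hexdigest == digest then :ok
      else :mismatch
      end
    [name, status]
  end
end

# Usage: ruby verify_rack_gems.rb DIR   (DIR holds the fetched .gem files)
if ARGV[0]
  results = verify_gems(ARGV[0], parse_sha1sums(ANNOUNCED))
  results.each { |name, status| puts format("%-9s %s", status, name) }
  exit 1 unless results.values.all?(:ok)
end
```

The script exits non-zero when any file is missing or does not match, so it can gate an install step.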

Re: [ANN] Rack versions 1.6.11 and 2.0.6 have been released!

Alberto Almagro
Thanks for fixing this guys

On Monday, November 5, 2018, 21:18:09 (UTC+1), Aaron Patterson wrote:
Hi everyone,

Rack versions 1.6.11 and 2.0.6 have been released.  Both of these releases
contain important security fixes, and you should upgrade!

Rack version 1.6.11 contains fixes for:

* [CVE-2018-16470] Possible DoS vulnerability in Rack
* [CVE-2018-16471] Possible XSS vulnerability in Rack

Rack version 2.0.6 contains a fix for:

* [CVE-2018-16470] Possible DoS vulnerability in Rack

The gem checksums are:

```
$ sha1sum *
64a0cd32f46c0ff44ffda4055048fe6309903110  rack-1.6.11.gem
b15267e1f94e69238a00a6f1bd48fb7683c03a78  rack-2.0.6.gem
```

You can read more about CVE-2018-16470 here:

  https://groups.google.com/forum/#!topic/ruby-security-ann/Dz4sRl-ktKk

You can read more about CVE-2018-16471 here:

  https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o

Thanks for reading and have a good day!

--
Aaron Patterson
http://tenderlovemaking.com/
