vulnerability(criticality-high): puma 3.12.4 (was 3.11.4)

Kaspar Vollenweider requested to merge chore/update_one_vulnerable_gem into develop

The puma gem has a vulnerability marked as highly critical:

Name: puma
Version: 3.11.4
Advisory: CVE-2019-16770
Criticality: High
URL: https://github.com/puma/puma/security/advisories/GHSA-7xx3-m584-x994
Title: Keepalive thread overload/DoS in puma
Solution: upgrade to ~> 3.12.2, >= 4.3.1