Deploy: Fix vulnerabilities and copy group offer email addresses to production

Kaspar Vollenweider requested to merge email_copy_production_deploy into main

Name: actionpack
Version: 6.1.4.4
CVE: CVE-2022-23633
GHSA: GHSA-wh98-p28r-vrc9
Criticality: High
URL: https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ
Title: Possible exposure of information vulnerability in Action Pack
Solution: upgrade to ~> 5.2.6, >= 5.2.6.2, ~> 6.0.4, >= 6.0.4.6, ~> 6.1.4, >= 6.1.4.6, >= 7.0.2.2

Name: activestorage
Version: 6.1.4.4
CVE: CVE-2022-21831
GHSA: GHSA-w749-p3v6-hccq
Criticality: Unknown
URL: https://groups.google.com/g/rubyonrails-security/c/n-p-W1yxatI
Title: Possible code injection vulnerability in Rails / Active Storage
Solution: upgrade to ~> 5.2.6, >= 5.2.6.3, ~> 6.0.4, >= 6.0.4.7, ~> 6.1.4, >= 6.1.4.7, >= 7.0.2.3

Name: nokogiri
Version: 1.13.1
CVE: CVE-2021-30560
GHSA: GHSA-fq42-c5rg-92c2
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2
Title: Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Solution: upgrade to >= 1.13.2
