Bump to 6.1.7.8 for CVE-2024-28103 fix #23058

Merged
merged 1 commit into from
Jun 5, 2024

jrafanie (Member) commented Jun 5, 2024

See also: https://rubyonrails.org/2024/6/4/Rails-Versions-6-1-7-8-7-0-8-4-and-7-1-3-4-have-been-released

Note, bundler audit wasn't detecting it but there's an advisory db PR opened so it's detected in the future. See: rubysec/ruby-advisory-db#787
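
While the advisory database lags, the lockfile can be checked directly against the patched releases. The following is an added example, not part of this PR or of ManageIQ's code: the patched versions are the ones in the PR title and the linked Rails announcement, while checking the `rails` gem entry, the function names and the sample lockfile text are assumptions made for illustration.

```ruby
require "rubygems" # provides Gem::Version

# Patched releases named in the PR title and the linked Rails announcement,
# keyed by release series.
PATCHED = {
  "6.1" => Gem::Version.new("6.1.7.8"),
  "7.0" => Gem::Version.new("7.0.8.4"),
  "7.1" => Gem::Version.new("7.1.3.4"),
}.freeze

# Constructed sample lockfile fragments (not ManageIQ's real Gemfile.lock).
SAMPLE_BEFORE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rails (6.1.7.7)
        actionpack (= 6.1.7.7)
      rails-dom-testing (2.2.0)
LOCK
SAMPLE_AFTER = SAMPLE_BEFORE.gsub("6.1.7.7", "6.1.7.8")

# Version the lockfile resolves for gem_name, or nil when it is absent.
# Resolved gems sit at four spaces of indent; their dependency constraints
# sit at six, so "actionpack (= 6.1.7.7)" style lines are never matched.
def locked_version(lockfile_text, gem_name = "rails")
  m = lockfile_text.match(/^ {4}#{Regexp.escape(gem_name)} \(([^)]+)\)$/)
  m && Gem::Version.new(m[1])
end

# Returns :patched, :vulnerable, :not_found, or :unknown_series when the
# locked series has no patched release listed in PATCHED.
def rails_status(lockfile_text)
  version = locked_version(lockfile_text)
  return :not_found unless version

  patched = PATCHED[version.segments.first(2).join(".")]
  return :unknown_series unless patched

  version >= patched ? :patched : :vulnerable
end

if __FILE__ == $PROGRAM_NAME
  # Pass a Gemfile.lock path as the first argument, or run on the sample.
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_BEFORE
  puts "rails: #{rails_status(text)}"
end
```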

miq-bot (Member) commented Jun 5, 2024

Checked commit jrafanie@9755fa6 with ruby 2.7.8, rubocop 1.56.3, haml-lint 0.51.0, and yamllint
1 file checked, 0 offenses detected
Everything looks fine. 🏆

jasnow commented Jun 5, 2024

> Checked commit jrafanie@9755fa6 with ruby 2.7.8, rubocop 1.56.3, haml-lint 0.51.0, and yamllint
> 1 file checked, 0 offenses detected
> Everything looks fine. 🏆

Not merged in yet.

@Fryguy Fryguy merged commit 04dd1a3 into ManageIQ:master Jun 5, 2024
8 checks passed
Fryguy (Member) commented Jun 5, 2024

Backported to radjabov in commit 0e9172b.

commit 0e9172b02caa58e6040c14829b3e79a5a5813acb
Author: Jason Frey <[email protected]>
Date:   Wed Jun 5 09:33:30 2024 -0400

    Merge pull request #23058 from jrafanie/bump_to_6_1_7_8_for_cve
    
    Bump to 6.1.7.8 for CVE-2024-28103 fix
    
    (cherry picked from commit 04dd1a399ad0b9c6a11e6302e5e59a36a3ed5294)

Fryguy added a commit that referenced this pull request Jun 5, 2024
Bump to 6.1.7.8 for CVE-2024-28103 fix

(cherry picked from commit 04dd1a3)
Fryguy added a commit to Fryguy/manageiq that referenced this pull request Jun 5, 2024
jrafanie added a commit that referenced this pull request Jun 5, 2024
[RADJABOV] Update lockfile after backport of #23058
@jrafanie jrafanie deleted the bump_to_6_1_7_8_for_cve branch June 5, 2024 19:32