Skip to content

Upgrade Ruby on Rails  #91

Description

@rotated8

All versions of Rails are affected by a remote code execution bug, CVE-2022-32224, affecting serialized YAML. There are no workarounds- Rails expects everyone to upgrade to safe versions: 7.0.3.1, 6.1.6.1, 6.0.5.1, or 5.2.8.1. These new versions of Rails appear to have caught the community off guard, and frequently require other code changes to successfully upgrade.

Community feedback to the Rails team has led to new tickets and pull requests to make this upgrade easier, and the consensus from the Hyrax Working Group and Tech calls this week is to wait a little while for the dust to settle before implementing this upgrade. The current versions of Ruby on Rails may not be the best to target for this work.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions