mirror of
https://github.com/basecamp/once-campfire.git
synced 2026-07-08 00:50:22 +09:00
dep: update rack-session 2.1.1 → 2.1.2
Security bump for CVE-2026-39324 (Rack::Session::Cookie secretless session forgery). Campfire uses Rails ActionDispatch CookieStore, not Rack::Session::Cookie, so was never exposed — hygiene update. Transitive dep (no Gemfile change). 10 commits analyzed, 0 mitigations. https://github.com/basecamp/37signals-hq/blob/main/upgrade-analysis/campfire-20260609-rack-session_2.1.1..2.1.2.md 🤖 Assisted by Claude
This commit is contained in:
+1
-1
@@ -267,7 +267,7 @@ GEM
|
||||
base64 (>= 0.1.0)
|
||||
logger (>= 1.6.0)
|
||||
rack (>= 3.0.0, < 4)
|
||||
rack-session (2.1.1)
|
||||
rack-session (2.1.2)
|
||||
base64 (>= 0.1.0)
|
||||
rack (>= 3.0.0)
|
||||
rack-test (2.2.0)
|
||||
|
||||
Reference in New Issue
Block a user