From 6ec04cbc28dac75b21ab9db8546263850f83fce0 Mon Sep 17 00:00:00 2001 From: Mike Dalessio Date: Tue, 9 Jun 2026 11:01:36 -0400 Subject: [PATCH] =?UTF-8?q?dep:=20update=20rack-session=202.1.1=20?= =?UTF-8?q?=E2=86=92=202.1.2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Security bump for CVE-2026-39324 (Rack::Session::Cookie secretless session forgery). Campfire uses Rails ActionDispatch CookieStore, not Rack::Session::Cookie, so was never exposed — hygiene update. Transitive dep (no Gemfile change). 10 commits analyzed, 0 mitigations. https://github.com/basecamp/37signals-hq/blob/main/upgrade-analysis/campfire-20260609-rack-session_2.1.1..2.1.2.md 🤖 Assisted by Claude --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 96dc1c3..9bc8884 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -267,7 +267,7 @@ GEM base64 (>= 0.1.0) logger (>= 1.6.0) rack (>= 3.0.0, < 4) - rack-session (2.1.1) + rack-session (2.1.2) base64 (>= 0.1.0) rack (>= 3.0.0) rack-test (2.2.0)