Mike Dalessio c189ddea41 dep: update net-imap 0.5.12 → 0.6.4
Security bump clearing 5 CVEs (CVE-2026-42245/42246/42256/42257/42258:
literal DoS, STARTTLS stripping, SCRAM DoS, command injection ×2). Not
exposed: all require acting as an IMAP client. net-imap is autoloaded by
mail only when retriever_method :imap is set; campfire configures no
retriever and has no inbound email — net/imap is never required.

Conservative update landed 0.6.4 (minor jump, dormant dep). Ruby floor
raised to >= 3.2.0; campfire runs 3.4.5. 206 commits triaged, 0
mitigations.

https://github.com/basecamp/37signals-hq/blob/main/upgrade-analysis/campfire-20260609-net-imap_v0.5.12..v0.6.4.md

🤖 Assisted by Claude
2026-06-09 12:42:51 -04:00
2025-08-21 09:31:59 +01:00
2025-08-21 09:31:59 +01:00
2025-08-21 09:31:59 +01:00
2026-01-16 09:31:22 +01:00
2025-08-21 09:31:59 +01:00
2025-08-21 09:31:59 +01:00
2025-12-01 10:40:24 +01:00
2025-08-21 09:31:59 +01:00
2025-08-21 09:31:59 +01:00
2025-08-21 09:31:59 +01:00
2025-08-21 09:31:59 +01:00
2025-08-21 09:31:59 +01:00
2025-09-18 14:51:42 +02:00
2025-12-01 10:40:24 +01:00
2026-06-09 12:42:51 -04:00
2025-08-21 09:31:59 +01:00
2025-08-21 09:31:59 +01:00
2025-08-21 09:31:59 +01:00
2025-09-18 10:53:41 -04:00

Campfire

Campfire is a web-based chat application. It supports many of the features you'd expect, including:

  • Multiple rooms, with access controls
  • Direct messages
  • File attachments with previews
  • Search
  • Notifications (via Web Push)
  • @mentions
  • API, with support for bot integrations

Deploying with Docker

Campfire's Docker image contains everything needed for a fully-functional, single-machine deployment. This includes the web app, background jobs, caching, file serving, and SSL.

To persist storage of the database and file attachments, map a volume to /rails/storage.

To configure additional features, you can set the following environment variables:

  • SSL_DOMAIN - enable automatic SSL via Let's Encrypt for the given domain name
  • DISABLE_SSL - alternatively, set DISABLE_SSL to serve over plain HTTP
  • VAPID_PUBLIC_KEY/VAPID_PRIVATE_KEY - set these to a valid keypair to allow sending Web Push notifications. You can generate a new keypair by running /script/admin/create-vapid-key
  • SENTRY_DSN - to enable error reporting to sentry in production, supply your DSN here

For example:

docker build -t campfire .

docker run \
  --publish 80:80 --publish 443:443 \
  --restart unless-stopped \
  --volume campfire:/rails/storage \
  --env SECRET_KEY_BASE=$YOUR_SECRET_KEY_BASE \
  --env VAPID_PUBLIC_KEY=$YOUR_PUBLIC_KEY \
  --env VAPID_PRIVATE_KEY=$YOUR_PRIVATE_KEY \
  --env TLS_DOMAIN=chat.example.com \
  campfire

Running in development

bin/setup
bin/rails server

Worth Noting

When you start Campfire for the first time, youll be guided through creating an admin account. The email address of this admin account will be shown on the login page so that people who forget their password know who to contact for help. (You can change this email later in the settings)

Campfire is single-tenant: any rooms designated "public" will be accessible by all users in the system. To support entirely distinct groups of customers, you would deploy multiple instances of the application.

S
Description
No description provided
Readme 85 MiB
Languages
Ruby 44.4%
HTML 24.4%
JavaScript 18.1%
CSS 12.2%
Shell 0.5%
Other 0.4%