When running bundle install --verbose on Bundler versions 1.12+, you might see errors of the form HTTP 403 Forbidden https://...

June 6th 2025, Rack version 1.4.7.24 Fixed CVE-2025-49007: ReDoS Vulnerability in Rack Multipart Handling. Read the announcement.

June 6th 2025, Rack version 1.6.13.22 Fixed CVE-2025-49007: ReDoS Vulnerability in Rack Multipart Handling. Read the announcement.

June 6th 2025, Rails version 5.2.8.32 No changes in Rails. Bumped Rack version requirement to version 2.2.17.10.

June 6th 2025, Rails version 6.1.7.28 No changes in Rails. Bumped Rack version requirement to version 2.2.17.10.

This is a list of known CVEs relevant for Rails LTS 2.3+. All CVEs are fixed in all versions of...

Rails LTS (<= 4.2) contains a fix for CVE-2021-22885, but this includes a breaking change you can opt out...

Best results in other decks

When things go wrong, for example, caused by a bad commit, we need to revert back to an earlier known...

Rails wraps your parameters into an interface called StrongParameters. In most cases, your form submits your data in a nested...
