We maintain several forks since [CVE-2023-23913] of rails-ujs and jquery-ujs.
Since each Rails app has a different way of handling asset packages, we introduced several new forked packages with a fix.
If you want to install one of those packages, please replace your npm package or gem with one of our forked versions.
Use the NPM package @railslts/jquery-ujs to replace the jquery-ujs NPM package, e.g. with npm install @railslts/jquery-ujs.
Use the NPM package @railslts/rails-ujs to replace the rails-ujs NPM package, e.g. with npm install @railslts/rails-ujs.
You can point the rails-ujs gem to our github fork directly with:
gem "rails-ujs", git: "https://github.com/rails-lts/rails-ujs", branch: "lts"
You can point the jquery-rails gem to our github fork directly with:
gem "jquery-rails", git: "https://github.com/rails-lts/jquery-rails", branch: "lts"
If you depend on the older 3-1-stable release of the jquery-rails gem, please replace the gem jquery-rails with the following line in your Gemfile:
gem "jquery-rails", git: "https://github.com/rails-lts/jquery-rails", branch: "lts-3-1-stable"
