207 Rails 6.1 LTS Changelog

October 17th 2024, Rails version 6.1.7.20

Fixed ReDoS vulnerabilities CVE-2024-41128, CVE-2024-47887, CVE-2024-47888, and CVE-2024-47889. Read the announcement Show archive.org snapshot .

Reverted a dev-only bug fix breaking for users of older versions of the "listen" gem.

Initial release of the LTS version of Rails 6.1.
This is mostly identical to the latest official 6.1 release (6.1.7.8) plus some compatible and non-essential bug fixes.
Supports Ruby 2.5, 2.7, 3.1 and 3.3
Added monkey patches to address ReDoS vulnerabilities in the time stdlib on old Ruby versions (CVE-2023-28756), see here Show archive.org snapshot for more details (the uri changes can be solved by updating the "uri" gem)
Bump dependencies on rack, trix and rails-html-sanitizer to versions without known security vulnerabilities.
(Skipped 10 tiny versions to version .18 to stay ahead of any official 6.1.7.x community releases.)

Tobias Kraze

Last edit

2024-10-17

Dominik Schöler

License

Source code in this card is licensed under the MIT License.

Posted by Tobias Kraze to Rails LTS documentation (2024-09-18 12:53)