December 11th 2024, Rails version 6.1.7.21
- Fixed CVE-2024-54133, a vulnerability that allows bypassing the Content Security Policy configuration in Rails' ActionDispatch. Read the announcement.
October 17th 2024, Rails version 6.1.7.20
- Fixed ReDoS vulnerabilities CVE-2024-41128, CVE-2024-47887, CVE-2024-47888, and CVE-2024-47889. Read the announcement.
Sep 18th, 2024: Version 6.1.7.19
- Reverted a dev-only bug fix that was breaking for users of older versions of the "listen" gem.
Sep 18th, 2024: Version 6.1.7.18
- Initial release of the LTS version of Rails 6.1.
- This is mostly identical to the latest official 6.1 release (6.1.7.8) plus some compatible and non-essential bug fixes.
- Supports Ruby 2.5, 2.7, 3.1 and 3.3
- Added monkey patches to address ReDoS vulnerabilities in the `time` stdlib on old Ruby versions (CVE-2023-28756), see here for more details (the `uri` changes can be solved by updating the "uri" gem)
- Bump dependencies on `rack`, `trix` and `rails-html-sanitizer` to versions without known security vulnerabilities.
- (Skipped 10 tiny versions to version .18 to stay ahead of any official 6.1.7.x community releases.)
Posted by Tobias Kraze to Rails LTS documentation (2024-09-18 12:53)