Gemfile: Update Gems for security fixes #20

Merged: awilfox merged 1 commit into main from 2026-06-01-sec-updates on Jun 9, 2026

@awilfox (Member) commented Jun 1, 2026

  • Rails: 8.0.2 -> 8.0.5 for multiple CVEs in Active Storage. Since LAF uses Active Storage, this seems more critical than in the other repos.

  • Other gems: Updated to versions that fix various vulnerabilities.

OmniAuth is notably still vulnerable to CSRF issues, but that is because it hasn't been updated to the 2.x branch in LAF yet.

All other known vulnerabilities are patched.


Managed to get Selenium working for this one; all tests pass locally.

* Rails: 8.0.2 -> 8.0.5 for multiple CVEs in Active Storage.  Since LAF
  uses Active Storage, this seems more critical than in the other repos.

* Other gems: Updated to versions that fix various vulnerabilities.

OmniAuth is notably still vulnerable to CSRF issues, but that is because
it hasn't been updated to the 2.x branch in LAF yet.

All other known vulnerabilities are patched.
@awilfox self-assigned this Jun 1, 2026

@anarchivist (Member) left a comment

r+

@awilfox merged commit f5b1608 into main Jun 9, 2026
5 checks passed
@awilfox deleted the 2026-06-01-sec-updates branch June 9, 2026 06:17