
Gemfile: Update Gems for security fixes #20

Open: awilfox wants to merge 1 commit into main from 2026-06-01-sec-updates



@awilfox awilfox commented Jun 1, 2026

  • Rails: 8.0.2 -> 8.0.5 for multiple CVEs in Active Storage. Since LAF uses Active Storage, this seems more critical than in the other repos.

  • Other gems: Updated to versions that fix various vulnerabilities.

OmniAuth is notably still vulnerable to CSRF issues, but that is because it hasn't been updated to the 2.x branch in LAF yet.

All other known vulnerabilities are patched.


Managed to get Selenium working for this one; all tests pass locally.

* Rails: 8.0.2 -> 8.0.5 for multiple CVEs in Active Storage.  Since LAF
  uses Active Storage, this seems more critical than in the other repos.

* Other gems: Updated to versions that fix various vulnerabilities.

OmniAuth is notably still vulnerable to CSRF issues, but that is because
it hasn't been updated to the 2.x branch in LAF yet.

All other known vulnerabilities are patched.
@awilfox awilfox self-assigned this Jun 1, 2026

@anarchivist anarchivist left a comment


r+
