-
I don't think we plan to backport the change (#1733) to Rack 2, as it breaks backwards compatibility. @ioquatix @tenderlove your thoughts?
-
Similarly to how the Rails team always backports security fixes to at least the last two major versions, is there any chance that the rack team would consider doing the same for a while, at least until Rack 3 is more widely accepted as a dependency version?
Currently, I am referring to the vulnerability discovered in SNYK-RUBY-RACK-1061917.
It seems that upgrading to Rack 3 is blocked in a handful of key dependency chains, which use rack ~2.x or rack < 3 in their manifests, such as:
rack 3 sinatra/sinatra#1797), which is blocked by the rainbow dependency, which I am not sure is even maintained anymore, and