Support for Rack v3 #232

Open
jrreed opened this issue Sep 18, 2023 · 4 comments

Comments

@jrreed

jrreed commented Sep 18, 2023

Hi,

There's currently a Web Cache Poisoning vulnerability in Rack > v3.0

It's been out for a while, and Rack released a major version bump to address it in v3.0.0

Rails has also added support for Rack > v3.0 in the upcoming v7.1.0 release

However, the ros-apartment gem is pinned to rack < 3.0, which prevents us from upgrading to the latest version of rack

Best I can tell is that this was introduced here out of precaution:
#24

Any chance this could be bumped up to rack < 4.0?

Let me know if there's something I can help with -- I'd be happy to submit a PR if this is just a matter of updating the gemspec and running tests.

@mnovelo
Contributor

mnovelo commented Mar 27, 2024

Sounds reasonable to me. Let's do this once #243 is merged

@luke-hill

Does this mean the people working on this gem will be looking at rack3 support?

Also, is there a reason the changelog is over 4 years out of date? Do you know if there is a plan to maintain the changelog again, @mnovelo?

@mnovelo
Contributor

mnovelo commented Mar 28, 2024

@luke-hill yes, we'll look into rack3 support. If you've got a PR for that, that'd be helpful!

I just started as a maintainer about a week ago, but the changelog is definitely something I'm looking forward to updating and keeping updated.

@luke-hill

Hi @mnovelo - Is there any movement on this? Do we think this is something that will happen this summer? In 2024? Etc.?
