Sidekiq 5.2.8 locks Rack to 2.0.x (CVE found) #4566
Comments
Do you use Rack::Directory? If not, this version doesn’t matter to you. If yes, you can run the 5-x branch.
@mperham I appreciate the quick response. Our CI builds require
I'm not in a hurry to release. There's a CVE in a Rack feature that is not enabled by default and the community does not use (at least I've never heard of anyone using it). If someone uses Sidekiq AND Rack::Directory in the same app, please speak up.
For any curious, this will use the branch:
Is there any plan to release a new version of the 5.2 series of Sidekiq?
Sidekiq 5.2.9 has been released.
oh, 5.2.9 just relaxed the rack requirements. Doesn't address the disappearing UI issue when you update rack.
I don’t know what a disappearing UI is?
On Jun 16, 2020, at 09:53, Adam Zolotarev wrote:
> oh, 5.2.9 just relaxed the rack requirements. Doesn't address the disappearing UI issue
Sorry, looks like it was an issue with New Relic. I just needed to also update the New Relic gem based on #4440.
Ruby: 2.4.6
Sidekiq: 5.2.8
Rack: 2.0.9
No
Yes, 5.2.8 is the latest version in the 5.x series.

Problem

A recent CVE has been announced for Rack 2.0.x. Sidekiq will not allow Rack to be upgraded to the recommended versions. Here is the output of bundler audit.
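As an added example (not code from this issue, from Sidekiq, or from bundler-audit), the following Ruby script answers the two questions this thread turns on from a project checkout: which locked gem pins Rack so that the recommended version cannot be installed, and whether the app references Rack::Directory at all. The Gemfile.lock excerpt and config.ru contents are constructed samples; the `rack (< 2.1.0)` line under sidekiq is an assumed stand-in for the pin described in the issue title, not a quote of the real 5.2.8 gemspec, and the candidate Rack version is a hypothetical input.

```ruby
require "rubygems"

# Constructed Gemfile.lock excerpt (not a real project's lockfile). The
# "rack (< 2.1.0)" constraint on sidekiq is an assumption standing in for
# the pin the issue title describes.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      connection_pool (2.2.2)
      rack (2.0.9)
      rack-protection (2.0.8.1)
        rack
      redis (4.1.3)
      sidekiq (5.2.8)
        connection_pool (~> 2.2, >= 2.2.2)
        rack (< 2.1.0)
        rack-protection (>= 1.5.0)
        redis (>= 3.3.5, < 5)
LOCK

# Constructed config.ru contents to scan for Rack::Directory.
SAMPLE_CONFIG_RU = <<~RU
  require "sidekiq/web"
  map("/sidekiq") { run Sidekiq::Web }
  run MyApp
RU

# Parse the "specs:" block of a Gemfile.lock into
#   { gem_name => { version: Gem::Version, deps: { dep_name => Gem::Requirement } } }
def parse_lock_specs(text)
  specs = {}
  current = nil
  in_specs = false
  text.each_line do |raw|
    line = raw.chomp
    if line == "  specs:"
      in_specs = true
      next
    end
    next unless in_specs
    # Any line indented less than four spaces ends the specs block.
    unless line.start_with?("    ")
      in_specs = false
      next
    end
    if (m = line.match(/\A {4}(\S+) \(([^)]+)\)\z/))
      # Four-space indent: a resolved gem and its locked version.
      current = m[1]
      version = Gem::Version.correct?(m[2]) ? Gem::Version.new(m[2]) : nil
      specs[current] = { version: version, deps: {} }
    elsif current && (m = line.match(/\A {6}(\S+)(?: \(([^)]+)\))?\z/))
      # Six-space indent: a dependency of the current gem, with optional constraints.
      constraints = m[2] ? m[2].split(",").map(&:strip) : [">= 0"]
      specs[current][:deps][m[1]] = Gem::Requirement.new(constraints)
    end
  end
  specs
end

# Which locked gems declare a constraint on gem_name that the candidate
# version would violate? Returns { blocking_gem => constraint_string }.
def upgrade_blockers(specs, gem_name, candidate)
  want = Gem::Version.new(candidate)
  specs.each_with_object({}) do |(name, spec), blockers|
    req = spec[:deps][gem_name]
    next if req.nil? || req.satisfied_by?(want)
    blockers[name] = req.to_s
  end
end

# The question from the first comment: does the app reference Rack::Directory?
# A constant reference in rackup/config sources is the obvious place to look.
def uses_rack_directory?(sources)
  sources.any? { |src| src.match?(/\bRack::Directory\b/) }
end

if __FILE__ == $PROGRAM_NAME
  candidate = ARGV.fetch(0, "2.2.3") # hypothetical target Rack version
  specs = parse_lock_specs(SAMPLE_LOCKFILE)
  puts "locked rack version: #{specs['rack'][:version]}"
  blockers = upgrade_blockers(specs, "rack", candidate)
  if blockers.empty?
    puts "nothing in the lockfile blocks rack #{candidate}"
  else
    blockers.each { |gem, req| puts "#{gem} pins rack to #{req}; blocks #{candidate}" }
  end
  puts "Rack::Directory referenced: #{uses_rack_directory?([SAMPLE_CONFIG_RU])}"
end
```

Run it against a real checkout by reading `Gemfile.lock` and `config.ru` instead of the embedded samples; the blocker list tells you which gem to update (here, sidekiq) before bundler will resolve the newer Rack, and the Rack::Directory check gives a quick first answer to the maintainer's question about whether the pin matters to you.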