Upgrade Rails to 5.2.4.5 #1286

Open
alisan16 opened this issue Mar 9, 2021 · 0 comments
Labels
Eng: Backend Work Group Eng: Dependencies Pull requests that update a dependency file

alisan16 commented Mar 9, 2021

Security failure on all PRs on this repository due to advisory CVE-2021-22880

This was recently updated for Caseflow - department-of-veterans-affairs/caseflow#15900

Name: activerecord
Version: 5.2.4.4
Advisory: CVE-2021-22880
Criticality: Medium
URL: https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI
Title: Possible DoS Vulnerability in Active Record PostgreSQL adapter
Solution: upgrade to ~> 5.2.4.5, ~> 6.0.3.5, >= 6.1.2.1

Vulnerabilities found!

Failed. Security vulnerabilities were found. Find the dependency in Gemfile.lock,
then specify a safe version of the dependency in the Gemfile (preferred) or
snooze the CVE in .security.yml for a week.
Makefile.example:41: recipe for target 'security' failed
make: *** [security] Error 1

Exited with code exit status 2
@alisan16 alisan16 added Eng: Dependencies Pull requests that update a dependency file Eng: Backend Work Group labels Mar 9, 2021
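
The check behind the report above, as an added example that is not part of the original issue or the project's own tooling: it reads the locked `activerecord` version from Gemfile.lock text and tests it against the patched ranges in the advisory's "Solution" line. The lockfile excerpt and the helper names are constructed for illustration.

```ruby
require "rubygems"

# Patched ranges copied from the advisory's "Solution" line. Satisfying any
# one of them means the locked version carries the fix.
PATCHED = ["~> 5.2.4.5", "~> 6.0.3.5", ">= 6.1.2.1"].map { |r| Gem::Requirement.new(r) }

# Constructed Gemfile.lock excerpt (not taken from the repository).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      activemodel (5.2.4.4)
        activesupport (= 5.2.4.4)
      activerecord (5.2.4.4)
        activemodel (= 5.2.4.4)
        activesupport (= 5.2.4.4)
        arel (>= 9.0)
LOCK

# Return the resolved version of a gem from Gemfile.lock text, or nil.
# Resolved specs are indented four spaces; their dependency lines are
# indented six and carry an operator, so they do not match.
def locked_version(lock_text, gem_name)
  m = lock_text.match(/^ {4}#{Regexp.escape(gem_name)} \(([^)\s]+)\)$/)
  m && Gem::Version.new(m[1])
end

# True when the version falls inside at least one patched range.
def patched?(version)
  PATCHED.any? { |req| req.satisfied_by?(version) }
end

# Classify the locked gem as :patched, :vulnerable or :not_locked.
def audit(lock_text, gem_name = "activerecord")
  version = locked_version(lock_text, gem_name)
  return :not_locked if version.nil?
  patched?(version) ? :patched : :vulnerable
end

puts "activerecord: #{audit(SAMPLE_LOCK)}" if $PROGRAM_NAME == __FILE__
```

Note that `~> 5.2.4.5` only admits versions from 5.2.4.5 up to, but not including, 5.2.5, which is why the advisory lists one range per maintained release line.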