
Commit 2741dc4

build(deps): bump rack-session to 2.1.2 (GHSA-33qg-7wpp-89cq) (#67)
Bumps the transitive rack-session dependency from 2.1.0 to 2.1.2 to resolve a critical advisory: Rack::Session::Cookie's decrypt-failure fallback enables secretless session forgery and Marshal deserialization (vulnerable range >= 2.0.0, < 2.1.2). Conservative lockfile-only change; no direct Gemfile dependency touched.

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
1 parent c16ddce commit 2741dc4

1 file changed

Lines changed: 1 addition & 1 deletion


Gemfile.lock

Lines changed: 1 addition & 1 deletion
@@ -202,7 +202,7 @@ GEM
202202
public_suffix (6.0.1)
203203
racc (1.8.1)
204204
rack (3.1.12)
205-
rack-session (2.1.0)
205+
rack-session (2.1.2)
206206
base64 (>= 0.1.0)
207207
rack (>= 3.0.0)
208208
rack-test (2.2.0)
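
Review bot: At the `rack-session (2.1.2)` line, the fixed version is held only by the lockfile, and the commit message states that no Gemfile entry was touched, so nothing declares 2.1.2 as a floor. Consider adding an explicit constraint such as `gem "rack-session", ">= 2.1.2"` to the Gemfile so that a regenerated or hand-edited lockfile cannot resolve back into the vulnerable range `>= 2.0.0, < 2.1.2` named in the message. The unchanged context lines (`rack (3.1.12)`, `base64 (>= 0.1.0)`, `rack (>= 3.0.0)`) are consistent with the lockfile-only scope described. The message should also say whether the application actually mounts `Rack::Session::Cookie`, since that determines whether sessions issued before this bump need to be invalidated.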
