Merge pull request #432 from sleede/dependabot/bundler/rack-2.2.6.2

(security) CVE-2022-44571
2024-11-29 10:24:20 +01:00 · 2023-01-23 06:45:43 +01:00 · 2023-01-23 06:45:43 +01:00 · c0301a2e14
commit c0301a2e14
parent 029eb90d78 86fae0b594
2 changed files with 2 additions and 1 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -7,6 +7,7 @@
 - Fix a bug: unable to run task fix_invoice_item when some invoice items are associated with errors
 - Fix a bug: invalid event date reported when the timezone in before UTC
 - Fix a bug: unable to run accounting export if a line label was not defined
+- Fix a security issue: updated rack to 2.2.6.2 to fix [CVE-2022-44571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44571)
 - [TODO DEPLOY] `rails fablab:fix:invoice_items_in_error` THEN `rails fablab:fix_invoice_items` THEN `rails db:migrate`

 ## v5.6.5 2023 January 9
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -303,7 +303,7 @@ GEM
      activesupport (>= 3.0.0)
    raabro (1.4.0)
    racc (1.6.1)
-    rack (2.2.4)
+    rack (2.2.6.2)
    rack-oauth2 (1.19.0)
      activesupport
      attr_required