So, I have the following security vulnerabilities in activesupport, activerecord and actionpack:
Name: actionpack
Version: 5.2.8.1
CVE: CVE-2023-22792
GHSA: GHSA-p84v-45xj-wwqj
Criticality: Unknown
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Title: ReDoS based DoS vulnerability in Action Dispatch
Solution: upgrade to '~> 5.2.8, >= 5.2.8.15', '~> 6.1.7, >= 6.1.7.1', '>= 7.0.4.1'
Name: activerecord
Version: 5.2.8.1
CVE: CVE-2022-44566
GHSA: GHSA-579w-22j4-4749
Criticality: Unknown
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Title: Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Solution: upgrade to '~> 5.2.8, >= 5.2.8.15', '~> 6.1.7, >= 6.1.7.1', '>= 7.0.4.1'
Name: activesupport
Version: 5.2.8.1
CVE: CVE-2023-22796
GHSA: GHSA-j6gc-792m-qgm2
Criticality: Unknown
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Title: ReDoS based DoS vulnerability in Active Support’s underscore
Solution: upgrade to '~> 5.2.8, >= 5.2.8.15', '~> 6.1.7, >= 6.1.7.1', '>= 7.0.4.1'
My Rails version from the Gemfile:
gem 'rails', '~> 5.2.8', '>= 5.2.8.1'
As the solution suggests, upgrading to '~> 5.2.8, >= 5.2.8.15' seems to be the next step, so I changed the Gemfile as follows:
gem 'rails', '~> 5.2.8', '>= 5.2.8.15'
and then ran `bundle install`. I've also done `bundle update`, which gives the same result, as follows:
Fetching gem metadata from https://rubygems.org/..........
Could not find gem 'rails (~> 5.2.8, >= 5.2.8.15)' in rubygems repository https://rubygems.org/ or installed locally.
The source contains the following gems matching 'rails':
* rails-0.8.0
* rails-0.8.5
* rails-0.9.0
* rails-0.9.1
* rails-0.9.2
* rails-0.9.3
* rails-0.9.4
* rails-0.9.4.1
* rails-0.9.5
* rails-0.10.0
* rails-0.10.1
* rails-0.11.0
* rails-0.11.1
* rails-0.12.0
* rails-0.12.1
* rails-0.13.0
* rails-0.13.1
* rails-0.14.1
* rails-0.14.2
* rails-0.14.3
* rails-0.14.4
* rails-1.0.0
* rails-1.1.0
* rails-1.1.1
* rails-1.1.2
* rails-1.1.3
* rails-1.1.4
* rails-1.1.5
* rails-1.1.6
* rails-1.2.0
* rails-1.2.1
* rails-1.2.2
* rails-1.2.3
* rails-1.2.4
* rails-1.2.5
* rails-1.2.6
* rails-2.0.0
* rails-2.0.1
* rails-2.0.2
* rails-2.0.4
* rails-2.0.5
* rails-2.1.0
* rails-2.1.1
* rails-2.1.2
* rails-2.2.2
* rails-2.2.3
* rails-2.3.2
* rails-2.3.3
* rails-2.3.4
* rails-2.3.5
* rails-2.3.6
* rails-2.3.7
* rails-2.3.8.pre1
* rails-2.3.8
* rails-2.3.9.pre
* rails-2.3.9
* rails-2.3.10
* rails-2.3.11
* rails-2.3.12
* rails-2.3.14
* rails-2.3.15
* rails-2.3.16
* rails-2.3.17
* rails-2.3.18
* rails-3.0.0.beta
* rails-3.0.0.beta2
* rails-3.0.0.beta3
* rails-3.0.0.beta4
* rails-3.0.0.rc
* rails-3.0.0.rc2
* rails-3.0.0
* rails-3.0.1
* rails-3.0.2
* rails-3.0.3
* rails-3.0.4.rc1
* rails-3.0.4
* rails-3.0.5.rc1
* rails-3.0.5
* rails-3.0.6.rc1
* rails-3.0.6.rc2
* rails-3.0.6
* rails-3.0.7.rc1
* rails-3.0.7.rc2
* rails-3.0.7
* rails-3.0.8.rc1
* rails-3.0.8.rc2
* rails-3.0.8.rc4
* rails-3.0.8
* rails-3.0.9.rc1
* rails-3.0.9.rc3
* rails-3.0.9.rc4
* rails-3.0.9.rc5
* rails-3.0.9
* rails-3.0.10.rc1
* rails-3.0.10
* rails-3.0.11
* rails-3.0.12.rc1
* rails-3.0.12
* rails-3.0.13.rc1
* rails-3.0.13
* rails-3.0.14
* rails-3.0.15
* rails-3.0.16
* rails-3.0.17
* rails-3.0.18
* rails-3.0.19
* rails-3.0.20
* rails-3.1.0.beta1
* rails-3.1.0.rc1
* rails-3.1.0.rc2
* rails-3.1.0.rc3
* rails-3.1.0.rc4
* rails-3.1.0.rc5
* rails-3.1.0.rc6
* rails-3.1.0.rc8
* rails-3.1.0
* rails-3.1.1.rc1
* rails-3.1.1.rc2
* rails-3.1.1.rc3
* rails-3.1.1
* rails-3.1.2.rc1
* rails-3.1.2.rc2
* rails-3.1.2
* rails-3.1.3
* rails-3.1.4.rc1
* rails-3.1.4
* rails-3.1.5.rc1
* rails-3.1.5
* rails-3.1.6
* rails-3.1.7
* rails-3.1.8
* rails-3.1.9
* rails-3.1.10
* rails-3.1.11
* rails-3.1.12
* rails-3.2.0.rc1
* rails-3.2.0.rc2
* rails-3.2.0
* rails-3.2.1
* rails-3.2.2.rc1
* rails-3.2.2
* rails-3.2.3.rc1
* rails-3.2.3.rc2
* rails-3.2.3
* rails-3.2.4.rc1
* rails-3.2.4
* rails-3.2.5
* rails-3.2.6
* rails-3.2.7.rc1
* rails-3.2.7
* rails-3.2.8.rc1
* rails-3.2.8.rc2
* rails-3.2.8
* rails-3.2.9.rc1
* rails-3.2.9.rc2
* rails-3.2.9.rc3
* rails-3.2.9
* rails-3.2.10
* rails-3.2.11
* rails-3.2.12
* rails-3.2.13.rc1
* rails-3.2.13.rc2
* rails-3.2.13
* rails-3.2.14.rc1
* rails-3.2.14.rc2
* rails-3.2.14
* rails-3.2.15.rc1
* rails-3.2.15.rc2
* rails-3.2.15.rc3
* rails-3.2.15
* rails-3.2.16
* rails-3.2.17
* rails-3.2.18
* rails-3.2.19
* rails-3.2.20
* rails-3.2.21
* rails-3.2.22
* rails-3.2.22.1
* rails-3.2.22.2
* rails-3.2.22.3
* rails-3.2.22.4
* rails-3.2.22.5
* rails-4.0.0.beta1
* rails-4.0.0.rc1
* rails-4.0.0.rc2
* rails-4.0.0
* rails-4.0.1.rc1
* rails-4.0.1.rc2
* rails-4.0.1.rc3
* rails-4.0.1.rc4
* rails-4.0.1
* rails-4.0.2
* rails-4.0.3
* rails-4.0.4.rc1
* rails-4.0.4
* rails-4.0.5
* rails-4.0.6.rc1
* rails-4.0.6.rc2
* rails-4.0.6.rc3
* rails-4.0.6
* rails-4.0.7
* rails-4.0.8
* rails-4.0.9
* rails-4.0.10.rc1
* rails-4.0.10.rc2
* rails-4.0.10
* rails-4.0.11
* rails-4.0.11.1
* rails-4.0.12
* rails-4.0.13.rc1
* rails-4.0.13
* rails-4.1.0.beta1
* rails-4.1.0.beta2
* rails-4.1.0.rc1
* rails-4.1.0.rc2
* rails-4.1.0
* rails-4.1.1
* rails-4.1.2.rc1
* rails-4.1.2.rc2
* rails-4.1.2.rc3
* rails-4.1.2
* rails-4.1.3
* rails-4.1.4
* rails-4.1.5
* rails-4.1.6.rc1
* rails-4.1.6.rc2
* rails-4.1.6
* rails-4.1.7
* rails-4.1.7.1
* rails-4.1.8
* rails-4.1.9.rc1
* rails-4.1.9
* rails-4.1.10.rc1
* rails-4.1.10.rc2
* rails-4.1.10.rc3
* rails-4.1.10.rc4
* rails-4.1.10
* rails-4.1.11
* rails-4.1.12.rc1
* rails-4.1.12
* rails-4.1.13.rc1
* rails-4.1.13
* rails-4.1.14.rc1
* rails-4.1.14.rc2
* rails-4.1.14
* rails-4.1.14.1
* rails-4.1.14.2
* rails-4.1.15.rc1
* rails-4.1.15
* rails-4.1.16.rc1
* rails-4.1.16
* rails-4.2.0.beta1
* rails-4.2.0.beta2
* rails-4.2.0.beta3
* rails-4.2.0.beta4
* rails-4.2.0.rc1
* rails-4.2.0.rc2
* rails-4.2.0.rc3
* rails-4.2.0
* rails-4.2.1.rc1
* rails-4.2.1.rc2
* rails-4.2.1.rc3
* rails-4.2.1.rc4
* rails-4.2.1
* rails-4.2.2
* rails-4.2.3.rc1
* rails-4.2.3
* rails-4.2.4.rc1
* rails-4.2.4
* rails-4.2.5.rc1
* rails-4.2.5.rc2
* rails-4.2.5
* rails-4.2.5.1
* rails-4.2.5.2
* rails-4.2.6.rc1
* rails-4.2.6
* rails-4.2.7.rc1
* rails-4.2.7
* rails-4.2.7.1
* rails-4.2.8.rc1
* rails-4.2.8
* rails-4.2.9.rc1
* rails-4.2.9.rc2
* rails-4.2.9
* rails-4.2.10.rc1
* rails-4.2.10
* rails-4.2.11
* rails-4.2.11.1
* rails-4.2.11.2
* rails-4.2.11.3
* rails-5.0.0.beta1
* rails-5.0.0.beta1.1
* rails-5.0.0.beta2
* rails-5.0.0.beta3
* rails-5.0.0.beta4
* rails-5.0.0.racecar1
* rails-5.0.0.rc1
* rails-5.0.0.rc2
* rails-5.0.0
* rails-5.0.0.1
* rails-5.0.1.rc1
* rails-5.0.1.rc2
* rails-5.0.1
* rails-5.0.2.rc1
* rails-5.0.2
* rails-5.0.3
* rails-5.0.4.rc1
* rails-5.0.4
* rails-5.0.5.rc1
* rails-5.0.5.rc2
* rails-5.0.5
* rails-5.0.6.rc1
* rails-5.0.6
* rails-5.0.7
* rails-5.0.7.1
* rails-5.0.7.2
* rails-5.1.0.beta1
* rails-5.1.0.rc1
* rails-5.1.0.rc2
* rails-5.1.0
* rails-5.1.1
* rails-5.1.2.rc1
* rails-5.1.2
* rails-5.1.3.rc1
* rails-5.1.3.rc2
* rails-5.1.3.rc3
* rails-5.1.3
* rails-5.1.4.rc1
* rails-5.1.4
* rails-5.1.5.rc1
* rails-5.1.5
* rails-5.1.6
* rails-5.1.6.1
* rails-5.1.6.2
* rails-5.1.7.rc1
* rails-5.1.7
* rails-5.2.0.beta1
* rails-5.2.0.beta2
* rails-5.2.0.rc1
* rails-5.2.0.rc2
* rails-5.2.0
* rails-5.2.1.rc1
* rails-5.2.1
* rails-5.2.1.1
* rails-5.2.2.rc1
* rails-5.2.2
* rails-5.2.2.1
* rails-5.2.3.rc1
* rails-5.2.3
* rails-5.2.4.rc1
* rails-5.2.4
* rails-5.2.4.1
* rails-5.2.4.2
* rails-5.2.4.3
* rails-5.2.4.4
* rails-5.2.4.5
* rails-5.2.4.6
* rails-5.2.5
* rails-5.2.6
* rails-5.2.6.1
* rails-5.2.6.2
* rails-5.2.6.3
* rails-5.2.7
* rails-5.2.7.1
* rails-5.2.8
* rails-5.2.8.1
* rails-6.0.0.beta1
* rails-6.0.0.beta2
* rails-6.0.0.beta3
* rails-6.0.0.rc1
* rails-6.0.0.rc2
* rails-6.0.0
* rails-6.0.1.rc1
* rails-6.0.1
* rails-6.0.2.rc1
* rails-6.0.2.rc2
* rails-6.0.2
* rails-6.0.2.1
* rails-6.0.2.2
* rails-6.0.3.rc1
* rails-6.0.3
* rails-6.0.3.1
* rails-6.0.3.2
* rails-6.0.3.3
* rails-6.0.3.4
* rails-6.0.3.5
* rails-6.0.3.6
* rails-6.0.3.7
* rails-6.0.4
* rails-6.0.4.1
* rails-6.0.4.2
* rails-6.0.4.3
* rails-6.0.4.4
* rails-6.0.4.5
* rails-6.0.4.6
* rails-6.0.4.7
* rails-6.0.4.8
* rails-6.0.5
* rails-6.0.5.1
* rails-6.0.6
* rails-6.0.6.1
* rails-6.1.0.rc1
* rails-6.1.0.rc2
* rails-6.1.0
* rails-6.1.1
* rails-6.1.2
* rails-6.1.2.1
* rails-6.1.3
* rails-6.1.3.1
* rails-6.1.3.2
* rails-6.1.4
* rails-6.1.4.1
* rails-6.1.4.2
* rails-6.1.4.3
* rails-6.1.4.4
* rails-6.1.4.5
* rails-6.1.4.6
* rails-6.1.4.7
* rails-6.1.5
* rails-6.1.5.1
* rails-6.1.6
* rails-6.1.6.1
* rails-6.1.7
* rails-6.1.7.1
* rails-6.1.7.2
* rails-7.0.0.alpha1
* rails-7.0.0.alpha2
* rails-7.0.0.rc1
* rails-7.0.0.rc2
* rails-7.0.0.rc3
* rails-7.0.0
* rails-7.0.1
* rails-7.0.2
* rails-7.0.2.1
* rails-7.0.2.2
* rails-7.0.2.3
* rails-7.0.2.4
* rails-7.0.3
* rails-7.0.3.1
* rails-7.0.4
* rails-7.0.4.1
* rails-7.0.4.2
What am I doing wrong? How can I upgrade these three (activesupport, activerecord and actionpack)?
After defining the new rules and versions in your Gemfile, run:
bundle update rails
This will also update all of Rails' direct dependencies.
But make sure the version exists on RubyGems: https://rubygems.org/gems/rails/versions (it seems v5.2.8.15 does not exist).
I got the same warning. I investigated and found this link with information about the new security issues: https://makandracards.com/railslts/508019-rails-5-2-lts-changelog I also confirmed it through this link: https://mailchi.mp/railslts/rails-lts-multiple-dos-vulnerabilities-in-rails-rack-and-globalid Dependabot also showed me the same information on GitHub.
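An added example (not part of the original posts) of the check the first answer recommends: it uses RubyGems' own `Gem::Requirement` to test the advisory's patched ranges against a constructed sample of the versions Bundler listed in the error output. The helper names `patched_versions` and `resolve` are hypothetical.

```ruby
require "rubygems"

# Patched ranges copied from the "Solution" line of the audit output on this page.
PATCHED = [
  Gem::Requirement.new("~> 5.2.8", ">= 5.2.8.15"),
  Gem::Requirement.new("~> 6.1.7", ">= 6.1.7.1"),
  Gem::Requirement.new(">= 7.0.4.1"),
].freeze

# Constructed sample: a handful of the versions Bundler reported as published
# on rubygems.org in the error output quoted in the question.
PUBLISHED = %w[5.2.8 5.2.8.1 6.0.6.1 6.1.7 6.1.7.1 6.1.7.2 7.0.4 7.0.4.1 7.0.4.2]
            .map { |v| Gem::Version.new(v) }.freeze

# Published versions that fall inside at least one patched range.
def patched_versions(published, ranges = PATCHED)
  published.select { |v| ranges.any? { |r| r.satisfied_by?(v) } }
end

# Highest published version satisfying a Gemfile constraint, or nil when
# nothing matches (the case in which Bundler prints "Could not find gem").
def resolve(published, *constraint)
  req = Gem::Requirement.new(*constraint)
  published.select { |v| req.satisfied_by?(v) }.max
end

if __FILE__ == $PROGRAM_NAME
  old_pin = resolve(PUBLISHED, "~> 5.2.8", ">= 5.2.8.1")
  new_pin = resolve(PUBLISHED, "~> 5.2.8", ">= 5.2.8.15")
  puts "original Gemfile constraint resolves to: #{old_pin.inspect}"
  puts "advisory's 5.2 constraint resolves to:   #{new_pin.inspect}"
  puts "published versions inside a patched range: " \
       "#{patched_versions(PUBLISHED).map(&:to_s).join(', ')}"
end
```

In this sample the only versions inside a patched range are on the 6.1 and 7.0 series, so the `>= 5.2.8.15` pin has nothing to resolve to on rubygems.org.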