🗞️Rails Versions 6.1.7.7, 7.0.8.1, and 7.1.3.2 have been released!

🗿Semantically Similar Articles (by :title_embedding)

🗄️ 10.4 🔗 2023Mar30 Ruby 3.2.2 Released (📰 Ruby (EN RSS))
🗄️ 10.5 🔗 Jan18 Ruby 3.2.3 Released (📰 Ruby (EN RSS))
🗄️ 10.9 🔗 2023Dec11 Ruby 3.3.0-rc1 Released (📰 Ruby (EN RSS))
🗄️ 10.9 🔗 2023Dec25 Ruby 3.3.0 Released (📰 Ruby (EN RSS))
🗄️ 11.8 🔗 Mar22 Rails guides facelift, two new official gems and more! (🧑🏻‍💻 vipulnsward)

Rails Versions 6.1.7.7, 7.0.8.1, and 7.1.3.2 have been released!

2024-02-21 - tenderlove (from Ruby on Rails)

Hi folks,

Hi folks, Rails versions 6.1.7.7, 7.0.8.1, and 7.1.3.2 have been released! These are security releases, so please upgrade at your earliest convenience. The 7.1.3.1 releases contained a small bug, so we released 7.1.3.2 with a bug fix, but it doesn’t contain any other changes. Here is a list of security issues that these releases address: CVE-2024-26143 Possible XSS Vulnerability in Action Controller, fixed in 7.1.3.1, 7.1.3.2, and 7.0.8.1 CVE-2024-26142 Possible ReDoS vulnerability in Accept header parsing in Action Dispatch, fixed in 7.1.3.1 and 7.1.3.2 CVE-2024-26144 Possible Sensitive Session Information Leak in Active Storage, fixed in 7.0.8.1 and 6.1.7.7 (does not impact Rails versions >= 7.1.0) Additionally there have been new releases of Rack to address DoS vulnerabilities. CVE-2024-25126 Denial of Service Vulnerability in Rack Content-Type Parsing CVE-2024-26141 Possible DoS Vulnerability with Range Header in Rack CVE-2024-26146 Possible Denial of Service Vulnerability in Rack Header Parsing Here are the shasums for the released gems: $ shasum * fde325a53820f30abafc4bb4b347b0736628ea04 actioncable-6.1.7.7.gem f6f7cf383f78ed8e08df218c34ddad9ced8d1273 actionmailbox-6.1.7.7.gem 20a64a0b1fe686e37be5eb9cab76570f2570ee36 actionmailer-6.1.7.7.gem cbca1f87e850838155a7206d18813e89756ecaf3 actionpack-6.1.7.7.gem 256c10f7bb958b3238b421bcc525088eeeac89cb actiontext-6.1.7.7.gem e85974ee48b23a113d081408509e6747ed72827d actionview-6.1.7.7.gem 62772d40e9936f2d8a0acc1c62062db0d60c6b16 activejob-6.1.7.7.gem c198e520935690894782bce6ffdf12146e989a35 activemodel-6.1.7.7.gem d75ec02999c524aac4554d32ad1b2ef5ff0d4a82 activerecord-6.1.7.7.gem 0d8b7639a9960cad7580753f9e4884e79b9bf29e activestorage-6.1.7.7.gem 0425128486718960e4d03e2f77d402bd7128ad72 activesupport-6.1.7.7.gem 974b54eec71a35bbe54b17d7ba33a2faa36d18cc rails-6.1.7.7.gem 309d9712e0fa0ead733d2bac2e19be67af47c70e railties-6.1.7.7.gem $ shasum *7.0.8* 2a750ca4a7fee4911bad13ecc5c278c19b167ba7 actioncable-7.0.8.1.gem db5281a00c766de7e9ed8eec25e925f8936c6393 actionmailbox-7.0.8.1.gem 6120cf7f8e65f0b6a9995dd0b6bf474fde41c7cc actionmailer-7.0.8.1.gem baf14ff44dc1ec750762a623bbeec46b2bd75f96 actionpack-7.0.8.1.gem 308176ee3b26ae698d322829b5e5eb5793f866fd actiontext-7.0.8.1.gem a45c2cf000e48fa1c82bccd6c539c2c696ec5a88 actionview-7.0.8.1.gem b524d5945b26da59fae0a9479f6b91bc3604f1d3 activejob-7.0.8.1.gem 6e8ac1b56560cd88c99969e90c4cd0a09c2d5e52 activemodel-7.0.8.1.gem a6e56da9f79d257c1d177934e71c37330e2299e8 activerecord-7.0.8.1.gem cafd8f2b3ab7e3518f31fda5415a2ba8ea950438 activestorage-7.0.8.1.gem 0ed4714f50af12eec79f4920be0a2904060f91dc activesupport-7.0.8.1.gem 4bae873adc4c8f0a55f420cc760dfd6e654b5a5e rails-7.0.8.1.gem 311ece40612800ba313297ed48864104f8cea3fc railties-7.0.8.1.gem $ shasum *7.1.3* 48acdf80911e36c28b1a4a41d35e0839b2012e18 actioncable-7.1.3.1.gem 2d7892180a9f634b5990936ef62bd235929e7aa4 actionmailbox-7.1.3.1.gem ac5af97df307e8a2c9e18d25bad5cc0a6ab94601 actionmailer-7.1.3.1.gem 7acf5030984399294569c9c728f90ccf80605d72 actionpack-7.1.3.1.gem cf9ce4ddd5f5dfb39acc4623b83219e6f23e583c actiontext-7.1.3.1.gem 516bf01e9b9c6c22d00c638b080f3c7979441590 actionview-7.1.3.1.gem 87567827a03edc68b526b1c1985b3abd0446fe3d activejob-7.1.3.1.gem 2e9e85525a7fcb600be0da047dd2ea2ce9758651 activemodel-7.1.3.1.gem 63fd22bd16674dfa2c82113faf93eb9edabaae40 activerecord-7.1.3.1.gem ac0f3843a89cf2b2abf05e313e91dfac979bdff4 activestorage-7.1.3.1.gem d9afe2694fd2f7bf454ef97284d7f4b7714d3ad5 activesupport-7.1.3.1.gem 915467fae49bf35ce6db031ebf95361548f18fed rails-7.1.3.1.gem b5acf92bf12b7471739d2eb1e77eeaa0dc6c46c0 railties-7.1.3.1.gem $ shasum *7.1.3.2.gem 566f20dda50142697624a547661e7d29f773b93d actioncable-7.1.3.2.gem 1a18a7e26f035079490943b0568a0bbd5ae0305d actionmailbox-7.1.3.2.gem 3700b58d39fa68fd0ccdc8a520466bdda0f36c5e actionmailer-7.1.3.2.gem ab928d52a489011666e6b2803fe8a99010092c13 actionpack-7.1.3.2.gem c4a2d6f87ee7d225325b73b81644e83f5cb34f78 actiontext-7.1.3.2.gem 4d9a3fdf4468a34c91462fbe5c7c82933a81ef59 actionview-7.1.3.2.gem fe128d9c989724cb8f9cf3c8d28d4b131c6672cb activejob-7.1.3.2.gem f9d632bb56c8b0408908974ca864b61f3810ae57 activemodel-7.1.3.2.gem 147c1076781e5b4eb7b14e6665792b84e7e98dbc activerecord-7.1.3.2.gem 57a5febb26107eeaccd565b38583050897fe8bce activestorage-7.1.3.2.gem aab6830abe8edc591279c96c4b3dfd02ed2a0de6 activesupport-7.1.3.2.gem fa45e799c238f90978870daf632ba5295416ddbb rails-7.1.3.2.gem e03f4d8da3fecc6d659e75bc898bf20c7885b311 railties-7.1.3.2.gem This is a reminder that the 6.1 series only receives critical security updates. Users are encouraged to upgrade as soon as possible. On a personal note, backporting fixes to Rails versions that old is not fun so please upgrade! Have a good day!

🏷️ releases

[Technology] 🌎 https://rubyonrails.org/2024/2/21/Rails-Versions-6-1-7-7-7-0-8-1-and-7-1-3-2-have-been-released

🗿article.to_s

------------------------------
Title: Rails Versions 6.1.7.7, 7.0.8.1, and 7.1.3.2 have been released!
Summary: Hi folks,

[content]
Hi folks,

Rails versions 6.1.7.7, 7.0.8.1, and 7.1.3.2 have been released!

These are security releases, so please upgrade at your earliest convenience.

The 7.1.3.1 releases contained a small bug, so we released 7.1.3.2 with a bug fix, but it doesn’t contain any other changes.

Here is a list of security issues that these releases address:


  CVE-2024-26143 Possible XSS Vulnerability in Action Controller, fixed in 7.1.3.1, 7.1.3.2, and 7.0.8.1
  CVE-2024-26142 Possible ReDoS vulnerability in Accept header parsing in Action Dispatch, fixed in 7.1.3.1 and 7.1.3.2
  CVE-2024-26144 Possible Sensitive Session Information Leak in Active Storage, fixed in 7.0.8.1 and 6.1.7.7 (does not impact Rails versions &gt;= 7.1.0)


Additionally there have been new releases of Rack to address DoS vulnerabilities.

CVE-2024-25126 Denial of Service Vulnerability in Rack Content-Type Parsing
CVE-2024-26141 Possible DoS Vulnerability with Range Header in Rack
CVE-2024-26146 Possible Denial of Service Vulnerability in Rack Header Parsing

Here are the shasums for the released gems:

$ shasum *
fde325a53820f30abafc4bb4b347b0736628ea04  actioncable-6.1.7.7.gem
f6f7cf383f78ed8e08df218c34ddad9ced8d1273  actionmailbox-6.1.7.7.gem
20a64a0b1fe686e37be5eb9cab76570f2570ee36  actionmailer-6.1.7.7.gem
cbca1f87e850838155a7206d18813e89756ecaf3  actionpack-6.1.7.7.gem
256c10f7bb958b3238b421bcc525088eeeac89cb  actiontext-6.1.7.7.gem
e85974ee48b23a113d081408509e6747ed72827d  actionview-6.1.7.7.gem
62772d40e9936f2d8a0acc1c62062db0d60c6b16  activejob-6.1.7.7.gem
c198e520935690894782bce6ffdf12146e989a35  activemodel-6.1.7.7.gem
d75ec02999c524aac4554d32ad1b2ef5ff0d4a82  activerecord-6.1.7.7.gem
0d8b7639a9960cad7580753f9e4884e79b9bf29e  activestorage-6.1.7.7.gem
0425128486718960e4d03e2f77d402bd7128ad72  activesupport-6.1.7.7.gem
974b54eec71a35bbe54b17d7ba33a2faa36d18cc  rails-6.1.7.7.gem
309d9712e0fa0ead733d2bac2e19be67af47c70e  railties-6.1.7.7.gem

$ shasum *7.0.8*
2a750ca4a7fee4911bad13ecc5c278c19b167ba7  actioncable-7.0.8.1.gem
db5281a00c766de7e9ed8eec25e925f8936c6393  actionmailbox-7.0.8.1.gem
6120cf7f8e65f0b6a9995dd0b6bf474fde41c7cc  actionmailer-7.0.8.1.gem
baf14ff44dc1ec750762a623bbeec46b2bd75f96  actionpack-7.0.8.1.gem
308176ee3b26ae698d322829b5e5eb5793f866fd  actiontext-7.0.8.1.gem
a45c2cf000e48fa1c82bccd6c539c2c696ec5a88  actionview-7.0.8.1.gem
b524d5945b26da59fae0a9479f6b91bc3604f1d3  activejob-7.0.8.1.gem
6e8ac1b56560cd88c99969e90c4cd0a09c2d5e52  activemodel-7.0.8.1.gem
a6e56da9f79d257c1d177934e71c37330e2299e8  activerecord-7.0.8.1.gem
cafd8f2b3ab7e3518f31fda5415a2ba8ea950438  activestorage-7.0.8.1.gem
0ed4714f50af12eec79f4920be0a2904060f91dc  activesupport-7.0.8.1.gem
4bae873adc4c8f0a55f420cc760dfd6e654b5a5e  rails-7.0.8.1.gem
311ece40612800ba313297ed48864104f8cea3fc  railties-7.0.8.1.gem

$ shasum *7.1.3*
48acdf80911e36c28b1a4a41d35e0839b2012e18  actioncable-7.1.3.1.gem
2d7892180a9f634b5990936ef62bd235929e7aa4  actionmailbox-7.1.3.1.gem
ac5af97df307e8a2c9e18d25bad5cc0a6ab94601  actionmailer-7.1.3.1.gem
7acf5030984399294569c9c728f90ccf80605d72  actionpack-7.1.3.1.gem
cf9ce4ddd5f5dfb39acc4623b83219e6f23e583c  actiontext-7.1.3.1.gem
516bf01e9b9c6c22d00c638b080f3c7979441590  actionview-7.1.3.1.gem
87567827a03edc68b526b1c1985b3abd0446fe3d  activejob-7.1.3.1.gem
2e9e85525a7fcb600be0da047dd2ea2ce9758651  activemodel-7.1.3.1.gem
63fd22bd16674dfa2c82113faf93eb9edabaae40  activerecord-7.1.3.1.gem
ac0f3843a89cf2b2abf05e313e91dfac979bdff4  activestorage-7.1.3.1.gem
d9afe2694fd2f7bf454ef97284d7f4b7714d3ad5  activesupport-7.1.3.1.gem
915467fae49bf35ce6db031ebf95361548f18fed  rails-7.1.3.1.gem
b5acf92bf12b7471739d2eb1e77eeaa0dc6c46c0  railties-7.1.3.1.gem

$ shasum *7.1.3.2.gem
566f20dda50142697624a547661e7d29f773b93d  actioncable-7.1.3.2.gem
1a18a7e26f035079490943b0568a0bbd5ae0305d  actionmailbox-7.1.3.2.gem
3700b58d39fa68fd0ccdc8a520466bdda0f36c5e  actionmailer-7.1.3.2.gem
ab928d52a489011666e6b2803fe8a99010092c13  actionpack-7.1.3.2.gem
c4a2d6f87ee7d225325b73b81644e83f5cb34f78  actiontext-7.1.3.2.gem
4d9a3fdf4468a34c91462fbe5c7c82933a81ef59  actionview-7.1.3.2.gem
fe128d9c989724cb8f9cf3c8d28d4b131c6672cb  activejob-7.1.3.2.gem
f9d632bb56c8b0408908974ca864b61f3810ae57  activemodel-7.1.3.2.gem
147c1076781e5b4eb7b14e6665792b84e7e98dbc  activerecord-7.1.3.2.gem
57a5febb26107eeaccd565b38583050897fe8bce  activestorage-7.1.3.2.gem
aab6830abe8edc591279c96c4b3dfd02ed2a0de6  activesupport-7.1.3.2.gem
fa45e799c238f90978870daf632ba5295416ddbb  rails-7.1.3.2.gem
e03f4d8da3fecc6d659e75bc898bf20c7885b311  railties-7.1.3.2.gem


This is a reminder that the 6.1 series only receives critical security updates.
Users are encouraged to upgrade as soon as possible.

On a personal note, backporting fixes to Rails versions that old is not fun so please upgrade!

Have a good day!
[/content]

Author: tenderlove
PublishedDate: 2024-02-21
Category: Technology
NewsPaper: Ruby on Rails
Tags: releases

{"id"=>3190,
"title"=>"Rails Versions 6.1.7.7, 7.0.8.1, and 7.1.3.2 have been released!",
"summary"=>"Hi folks,",
"content"=>"

Hi folks,

\n\n

Rails versions 6.1.7.7, 7.0.8.1, and 7.1.3.2 have been released!

\n\n

These are security releases, so please upgrade at your earliest convenience.

\n\n

The 7.1.3.1 releases contained a small bug, so we released 7.1.3.2 with a bug fix, but it doesn’t contain any other changes.

\n\n

Here is a list of security issues that these releases address:

\n\n

CVE-2024-26143 Possible XSS Vulnerability in Action Controller, fixed in 7.1.3.1, 7.1.3.2, and 7.0.8.1
CVE-2024-26142 Possible ReDoS vulnerability in Accept header parsing in Action Dispatch, fixed in 7.1.3.1 and 7.1.3.2
CVE-2024-26144 Possible Sensitive Session Information Leak in Active Storage, fixed in 7.0.8.1 and 6.1.7.7 (does not impact Rails versions >= 7.1.0)

\n\n

Additionally there have been new releases of Rack to address DoS vulnerabilities.

\n\n

CVE-2024-25126 Denial of Service Vulnerability in Rack Content-Type Parsing\nCVE-2024-26141 Possible DoS Vulnerability with Range Header in Rack\nCVE-2024-26146 Possible Denial of Service Vulnerability in Rack Header Parsing

\n\n

Here are the shasums for the released gems:

\n\n

$ shasum *\nfde325a53820f30abafc4bb4b347b0736628ea04  actioncable-6.1.7.7.gem\nf6f7cf383f78ed8e08df218c34ddad9ced8d1273  actionmailbox-6.1.7.7.gem\n20a64a0b1fe686e37be5eb9cab76570f2570ee36  actionmailer-6.1.7.7.gem\ncbca1f87e850838155a7206d18813e89756ecaf3  actionpack-6.1.7.7.gem\n256c10f7bb958b3238b421bcc525088eeeac89cb  actiontext-6.1.7.7.gem\ne85974ee48b23a113d081408509e6747ed72827d  actionview-6.1.7.7.gem\n62772d40e9936f2d8a0acc1c62062db0d60c6b16  activejob-6.1.7.7.gem\nc198e520935690894782bce6ffdf12146e989a35  activemodel-6.1.7.7.gem\nd75ec02999c524aac4554d32ad1b2ef5ff0d4a82  activerecord-6.1.7.7.gem\n0d8b7639a9960cad7580753f9e4884e79b9bf29e  activestorage-6.1.7.7.gem\n0425128486718960e4d03e2f77d402bd7128ad72  activesupport-6.1.7.7.gem\n974b54eec71a35bbe54b17d7ba33a2faa36d18cc  rails-6.1.7.7.gem\n309d9712e0fa0ead733d2bac2e19be67af47c70e  railties-6.1.7.7.gem\n\n$ shasum *7.0.8*\n2a750ca4a7fee4911bad13ecc5c278c19b167ba7  actioncable-7.0.8.1.gem\ndb5281a00c766de7e9ed8eec25e925f8936c6393  actionmailbox-7.0.8.1.gem\n6120cf7f8e65f0b6a9995dd0b6bf474fde41c7cc  actionmailer-7.0.8.1.gem\nbaf14ff44dc1ec750762a623bbeec46b2bd75f96  actionpack-7.0.8.1.gem\n308176ee3b26ae698d322829b5e5eb5793f866fd  actiontext-7.0.8.1.gem\na45c2cf000e48fa1c82bccd6c539c2c696ec5a88  actionview-7.0.8.1.gem\nb524d5945b26da59fae0a9479f6b91bc3604f1d3  activejob-7.0.8.1.gem\n6e8ac1b56560cd88c99969e90c4cd0a09c2d5e52  activemodel-7.0.8.1.gem\na6e56da9f79d257c1d177934e71c37330e2299e8  activerecord-7.0.8.1.gem\ncafd8f2b3ab7e3518f31fda5415a2ba8ea950438  activestorage-7.0.8.1.gem\n0ed4714f50af12eec79f4920be0a2904060f91dc  activesupport-7.0.8.1.gem\n4bae873adc4c8f0a55f420cc760dfd6e654b5a5e  rails-7.0.8.1.gem\n311ece40612800ba313297ed48864104f8cea3fc  railties-7.0.8.1.gem\n\n$ shasum *7.1.3*\n48acdf80911e36c28b1a4a41d35e0839b2012e18  actioncable-7.1.3.1.gem\n2d7892180a9f634b5990936ef62bd235929e7aa4  actionmailbox-7.1.3.1.gem\nac5af97df307e8a2c9e18d25bad5cc0a6ab94601  actionmailer-7.1.3.1.gem\n7acf5030984399294569c9c728f90ccf80605d72  actionpack-7.1.3.1.gem\ncf9ce4ddd5f5dfb39acc4623b83219e6f23e583c  actiontext-7.1.3.1.gem\n516bf01e9b9c6c22d00c638b080f3c7979441590  actionview-7.1.3.1.gem\n87567827a03edc68b526b1c1985b3abd0446fe3d  activejob-7.1.3.1.gem\n2e9e85525a7fcb600be0da047dd2ea2ce9758651  activemodel-7.1.3.1.gem\n63fd22bd16674dfa2c82113faf93eb9edabaae40  activerecord-7.1.3.1.gem\nac0f3843a89cf2b2abf05e313e91dfac979bdff4  activestorage-7.1.3.1.gem\nd9afe2694fd2f7bf454ef97284d7f4b7714d3ad5  activesupport-7.1.3.1.gem\n915467fae49bf35ce6db031ebf95361548f18fed  rails-7.1.3.1.gem\nb5acf92bf12b7471739d2eb1e77eeaa0dc6c46c0  railties-7.1.3.1.gem\n\n$ shasum *7.1.3.2.gem\n566f20dda50142697624a547661e7d29f773b93d  actioncable-7.1.3.2.gem\n1a18a7e26f035079490943b0568a0bbd5ae0305d  actionmailbox-7.1.3.2.gem\n3700b58d39fa68fd0ccdc8a520466bdda0f36c5e  actionmailer-7.1.3.2.gem\nab928d52a489011666e6b2803fe8a99010092c13  actionpack-7.1.3.2.gem\nc4a2d6f87ee7d225325b73b81644e83f5cb34f78  actiontext-7.1.3.2.gem\n4d9a3fdf4468a34c91462fbe5c7c82933a81ef59  actionview-7.1.3.2.gem\nfe128d9c989724cb8f9cf3c8d28d4b131c6672cb  activejob-7.1.3.2.gem\nf9d632bb56c8b0408908974ca864b61f3810ae57  activemodel-7.1.3.2.gem\n147c1076781e5b4eb7b14e6665792b84e7e98dbc  activerecord-7.1.3.2.gem\n57a5febb26107eeaccd565b38583050897fe8bce  activestorage-7.1.3.2.gem\naab6830abe8edc591279c96c4b3dfd02ed2a0de6  activesupport-7.1.3.2.gem\nfa45e799c238f90978870daf632ba5295416ddbb  rails-7.1.3.2.gem\ne03f4d8da3fecc6d659e75bc898bf20c7885b311  railties-7.1.3.2.gem\n

\n\n

This is a reminder that the 6.1 series only receives critical security updates.\nUsers are encouraged to upgrade as soon as possible.

\n\n

On a personal note, backporting fixes to Rails versions that old is not fun so please upgrade!

\n\n

Have a good day!

",
"author"=>"tenderlove",
"link"=>"https://rubyonrails.org/2024/2/21/Rails-Versions-6-1-7-7-7-0-8-1-and-7-1-3-2-have-been-released",
"published_date"=>Wed, 21 Feb 2024 21:27:42.000000000 UTC +00:00,
"image_url"=>nil,
"feed_url"=>"https://rubyonrails.org/2024/2/21/Rails-Versions-6-1-7-7-7-0-8-1-and-7-1-3-2-have-been-released",
"language"=>nil,
"active"=>true,
"ricc_source"=>"feedjira::v1",
"created_at"=>Wed, 03 Apr 2024 14:31:20.981132000 UTC +00:00,
"updated_at"=>Tue, 14 May 2024 04:41:53.782033000 UTC +00:00,
"newspaper"=>"Ruby on Rails",
"macro_region"=>"Technology"}

Edit this article

Back to articles