All versions of Rails are affected by a remote code execution bug, CVE-2022-32224, affecting serialized YAML. There are no workarounds; Rails expects everyone to upgrade to safe versions: 7.0.3.1, 6.1.6.1, 6.0.5.1, or 5.2.8.1. These new versions of Rails appear to have caught the community off guard, and frequently require other code changes to successfully upgrade.
hydra-role-management does not call `serialize` itself, but Blacklight does. Blacklight version 7.28.0 supports the Rails versions above.
Community feedback to the Rails team has led to new tickets and pull requests to make this upgrade easier, and the consensus from the Hyrax Working Group and Tech calls this week is to wait a little while for the dust to settle before implementing this upgrade. The current versions of Ruby on Rails and Blacklight may not be the best to target for this work.