Project

General

Profile

Actions

Bug #35663

closed

Relax JWT pin to get newer versions of the gem

Added by Evgeni Golov almost 2 years ago. Updated almost 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Packaging
Target version:
-
Difficulty:
Triaged:
Yes
Fixed in Releases:
Found in Releases:

Description

JWT is a security relevant gem, but we're currently pinning it to a rather old version (~> 2.2.2, which resolves to 2.2.3 April 2021 currently).
The latest version is 2.5.0 (from August 2022) and while I couldn't find any explicit issues in the changelog that would affect us, any security updates that would come now, would come for that branch, not 2.2.z.

Actions #1

Updated by The Foreman Bot almost 2 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/9479 added
Actions #2

Updated by The Foreman Bot almost 2 years ago

  • Fixed in Releases 3.5.0 added
Actions #3

Updated by Evgeni Golov almost 2 years ago

  • Status changed from Ready For Testing to Closed
Actions #4

Updated by Ewoud Kohl van Wijngaarden almost 2 years ago

  • Category changed from Authentication to Packaging
  • Triaged changed from No to Yes
Actions

Also available in: Atom PDF