Bug #35663

Relax JWT pin to get newer versions of the gem

Added by Evgeni Golov about 1 month ago. Updated 1 day ago.

Status: Closed
Priority: Normal
Assignee:
Category: Packaging
Target version: -
Difficulty:
Triaged: Yes
Bugzilla link:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

JWT is a security-relevant gem, but we're currently pinning it to a rather old version (~> 2.2.2, which resolves to 2.2.3 from April 2021 currently).
The latest version is 2.5.0 (from August 2022), and while I couldn't find any explicit issues in the changelog that would affect us, any security updates that would come now would come for that branch, not 2.2.z.

Associated revisions

Revision ab0aa35a (diff)
Added by Evgeni Golov about 1 month ago

Fixes #35663 - relax jwt pin to accept newer versions than 2.2.z

History

#1 Updated by The Foreman Bot about 1 month ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/9479 added

#2 Updated by The Foreman Bot about 1 month ago

  • Fixed in Releases 3.5.0 added

#3 Updated by Evgeni Golov about 1 month ago

  • Status changed from Ready For Testing to Closed

#4 Updated by Ewoud Kohl van Wijngaarden 1 day ago

  • Triaged changed from No to Yes
  • Category changed from Authentication to Packaging
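
How the pin from the description behaves under RubyGems' own requirement matching, as an added Ruby example that is not part of the original issue or of Foreman's code. The release list is constructed from the versions named in the description, and `~> 2.2` is a hypothetical relaxed pin, since the page does not quote the new constraint.

```ruby
require "rubygems"

# Constructed sample data: the jwt releases named in the issue description.
# A real audit would read the release list from the gem index instead.
JWT_RELEASES = %w[2.2.2 2.2.3 2.5.0].map { |v| Gem::Version.new(v) }

# Newest release that a requirement string admits, or nil if none match.
def newest_allowed(requirement, releases)
  req = Gem::Requirement.new(requirement)
  releases.select { |v| req.satisfied_by?(v) }.max
end

# A pin is stale when it cannot resolve to the newest known release, so a
# security fix shipped only on the newest branch would never be installed.
def stale_pin?(requirement, releases)
  newest_allowed(requirement, releases) != releases.max
end

# One row per requirement: what it resolves to and whether it is stale.
def audit(requirements, releases)
  requirements.map do |req|
    {
      requirement: req,
      resolves_to: newest_allowed(req, releases)&.to_s,
      stale: stale_pin?(req, releases)
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  # "~> 2.2.2" is the pin from the issue; "~> 2.2" is a hypothetical relaxed pin.
  audit(["~> 2.2.2", "~> 2.2"], JWT_RELEASES).each do |row|
    status = row[:stale] ? "STALE" : "ok"
    puts format("%-10s -> %-6s %s", row[:requirement], row[:resolves_to], status)
  end
end
```

`~> 2.2.2` means `>= 2.2.2, < 2.3`, which is why it stays on the 2.2.z branch, while `~> 2.2` means `>= 2.2, < 3.0`.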
