Skip to content

Update rack dependency to >=3.2.5#151

Merged
strehle merged 1 commit into
cloudfoundry:mainfrom
ttrabold:patch-1
Feb 27, 2026
Merged

Update rack dependency to >=3.2.5#151
strehle merged 1 commit into
cloudfoundry:mainfrom
ttrabold:patch-1

Conversation

@ttrabold

Copy link
Copy Markdown
Contributor

Update rack dependency to >=3.2.5 due to CVE-2026-22860

Update rack dependency to >=3.2.5 due to CVE-2026-22860
@linux-foundation-easycla

linux-foundation-easycla Bot commented Feb 27, 2026

Copy link
Copy Markdown

CLA Signed

The committers listed above are authorized under a signed CLA.

  • ✅ login: ttrabold / name: tim-sap (0331b68)

@strehle

strehle commented Feb 27, 2026

Copy link
Copy Markdown
Member

@ttrabold Thanks for your PR, please sign the CLA and then we can proceed

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the minimum version requirement for the rack runtime dependency from >= 3.2.4 to >= 3.2.5 to address a security vulnerability. The change maintains the same version constraint (~> 3.2) while bumping only the minimum patch version.

Changes:

  • Updated rack dependency minimum version from 3.2.4 to 3.2.5 in the gemspec file

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@ttrabold

ttrabold commented Feb 27, 2026

Copy link
Copy Markdown
Contributor Author

Done, the SAP colleagues need to approve apparently :)

@github-project-automation github-project-automation Bot moved this from Inbox to Pending Merge | Prioritized in Foundational Infrastructure Working Group Feb 27, 2026
@strehle

strehle commented Feb 27, 2026

Copy link
Copy Markdown
Member

I recommend to sign CLA individually... (it did this some years ago) because it could otherwise take some time ....

@strehle

strehle commented Feb 27, 2026

Copy link
Copy Markdown
Member

/CLA

@strehle strehle merged commit 5406ae6 into cloudfoundry:main Feb 27, 2026
10 checks passed
@github-project-automation github-project-automation Bot moved this from Pending Merge | Prioritized to Done in Foundational Infrastructure Working Group Feb 27, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Development

Successfully merging this pull request may close these issues.

3 participants