Mysterious warning to Ruby app maintainers: “bundle update rack” asap.
Use `String#bytesize` for `Content-Length` in error responses. · rack/rack@8979a16

`String#size` returns character count, not byte count. For responses containing multi-byte UTF-8 characters, this produces an incorrect `Content-Length` value, violating RFC 9110 Section 8.6.

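The mismatch the commit message describes, as an added Ruby example (not Rack's code and not written by anyone in this thread). The helper names, the lowercase header keys and the sample messages are constructed for illustration; the check compares the declared `Content-Length` with the bytes actually in the body.

```ruby
# frozen_string_literal: true

# Hypothetical helper (not Rack's implementation): builds a plain-text error
# response as a Rack-style [status, headers, body] triple. `length_method`
# selects how Content-Length is computed: :size (characters) or :bytesize.
def error_response(status, message, length_method)
  headers = {
    "content-type" => "text/plain; charset=utf-8",
    "content-length" => message.public_send(length_method).to_s
  }
  [status, headers, [message]]
end

# Bytes actually in the body minus the declared Content-Length.
# 0 means the header is correct; a positive value means the header
# under-reports the body, so a receiver honouring it stops reading early.
def content_length_gap(response)
  _status, headers, body = response
  declared = Integer(headers.fetch("content-length"), 10)
  body.sum(&:bytesize) - declared
end

# Constructed sample error messages (escapes keep the byte counts exact).
SAMPLES = {
  ascii: "Bad Request",                           # 1 byte per character
  accented: "Param\u00E8tre invalide: caf\u00E9", # two 2-byte characters
  cjk: "\u7121\u52B9\u306A\u5165\u529B",          # five 3-byte characters
  emoji: "Invalid input \u{1F6AB}"                # one 4-byte character
}.freeze

# For every sample, the gap produced by each way of computing the length.
def report
  SAMPLES.to_h do |name, message|
    [name, {
      size: content_length_gap(error_response(400, message, :size)),
      bytesize: content_length_gap(error_response(400, message, :bytesize))
    }]
  end
end

if $PROGRAM_NAME == __FILE__
  report.each do |name, gaps|
    puts format("%-9s size gap=%-3d bytesize gap=%d", name, gaps[:size], gaps[:bytesize])
  end
end
```

ASCII-only messages hide the problem because characters and bytes coincide, so a regression test for this fix needs at least one multi-byte message.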
@kmcphillips just look at the changelog.
@flashesofpanic @getajobmike Oy I was looking for one thing but look at all of those. Whelp! Time to do some updates.
@getajobmike Whoa nelly. Done! Also - I shamefully express my insane gratitude for v2.2.23.
I’m a little concerned that the linked GHSA resolves to a 404, and the listed CVE seems invalid. This just after we were all told to stagger updating our dependencies to avoid supply chain attacks. Code looks logical but other than that…
Also the previous release isn’t on GitHub at all, but wasn’t yanked from RubyGems. Benefit of the doubt, it’s probably just some simple oopsies. But it raises my eyebrows.