Mysterious warning to Ruby app maintainers: “bundle update rack” ASAP.
I’m a little concerned that the linked GHSA resolves to a 404, and the listed CVE seems invalid. This just after we were all told to stagger updating our dependencies to avoid supply chain attacks. Code looks logical but other than that…
Also the previous release isn’t on GitHub at all, but wasn’t yanked from RubyGems. Benefit of the doubt, it’s probably just some simple oopsies. But it raises my eyebrows.