Bump puma from 5.6.2 to 5.6.4 (!509) · Merge requests · ddr / ddr-admin

libautomation requested to merge dependabot/bundler/puma-5.6.4 into main Apr 02, 2022

Bumps puma from 5.6.2 to 5.6.4.

Release notes

5.6.4

Security

Close several HTTP Request Smuggling exploits (CVE-2022-24790)

The 5.6.3 release was a mistake (released the wrong branch), 5.6.4 is correct.

Changelog

Sourced from puma's changelog.

5.6.4 / 2022-03-30

Security

Close several HTTP Request Smuggling exploits (CVE-2022-24790)

Commits

7add06a 5.6.4
4475a46 5.6.3
5bb7d20 Merge pull request from GHSA-h99w-9q5r-gjq9
See full diff in compare view

Bump puma from 5.6.2 to 5.6.4

5.6.4

5.6.4 / 2022-03-30

Merge request reports