Dependency on CGI version with vulnerability '<=0.1.0'
williantenfen opened this issue
The CGI '0.1.0' gem is vulnerable (https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/); there's a patch for it, '0.1.1'.
Sorry, just saw a PR for it now.
Anyway, is there a way to do patches for old versions, like '2.8.8.1'?
- Ignore, I think there are no breaking changes on higher versions. I'll just upgrade when a new version with the fix is available.