Can 2.0.2 be released?

Question

nhoffmann opened this issue 7 years ago · comments

The currently released version locks redis-store to a version that has a known security vulnerability (CVE-2017-1000248).

Version 2.0.2 relaxes the redis-store dependency. Can this version be released? Can we do anything to help?

bump!

James Badger · Answer 1 · Sat Dec 09 2017 03:33:35 GMT+0800 (China Standard Time)

I'm working on the updating dependencies for a Rails app and until 2.0.2 is released, I was able to do this in the Gemfile to get the latest commit:

gem 'redis-rack-cache',
  git: 'https://github.com/redis-store/redis-rack-cache.git',
  ref: 'd1fdd3868bdc02efa5ae724a2758b3abfda271ab'

(Only a temporary solution)

Tom Scott · Answer 2 · Tue Dec 12 2017 00:26:06 GMT+0800 (China Standard Time)

hey folks, we just released v2.0.2. apologies for the wait!