Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.
Sign up🚨 [security] [ruby] Update puma: 3.12.1 → 3.12.2 (patch) #347
Conversation
This comment has been minimized.
This comment has been minimized.
codecov
bot
commented
Dec 6, 2019
•
Codecov Report
@@ Coverage Diff @@
## master #347 +/- ##
======================================
Coverage 89.4% 89.4%
======================================
Files 35 35
Lines 623 623
======================================
Hits 557 557
Misses 66 66 Continue to review full report at Codecov.
|
depfu
bot
changed the title
[ruby] Update puma: 3.12.1 → 3.12.2 (patch)
🚨 [security] [ruby] Update puma: 3.12.1 → 3.12.2 (patch)
Dec 6, 2019
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
depfu bot commentedDec 6, 2019
•
edited
Advisory: CVE-2019-16770
Disclosed: December 05, 2019
URL: https://github.com/puma/puma/security/advisories/GHSA-7xx3-m584-x994
Keepalive thread overload/DoS in puma
Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.
What changed?
Commits
See the full diff on Github. The new version differs by 3 commits:
3.12.2
4.3.1 and 4.2.1 release notes
Merge pull request from GHSA-7xx3-m584-x994
Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with
@depfu rebase
.All Depfu comment commands