On Fri, Jun 19, 2020 at 10:46 PM Utkarsh Gupta <utka...@debian.org> wrote:
> Just letting you know with my rails' maintainer hat on..
> I faced a regression where I think, activestorage (one of rails' binary),
> broke and in turn, it broke a bunch of other gems as well.
>
> Please ensure that the fix of these CVE(s) won't break other libraries
> because otherwise, it would mess up an instance.
> Of course, the tests would pass, but if you can check and ensure that
> it's not breaking other stuff, you're good to go! :)

Also, I think it originated due to babel (I am not sure though!), but that
was the closest I got to when debugging. If so, then I don't think anything
would break.

Anyway, this was the patch that fixed the regression:
https://salsa.debian.org/ruby-team/rails/-/commit/fe3206768ed30b8eb6a83e74fc813e616d7d0db3

Best,
Utkarsh