Hi everyone!
Rails versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1 have been released!
These are security patches addressing 4 possible ReDoS (Regular expression Denial of Service) attacks. All of these affect only Ruby versions below 3.2, so we urge users on older versions of Ruby to upgrade to these new Rails versions at their earliest convenience.
Additionally, we strongly recommend that users upgrade to Ruby 3.2 or greater to take advantage of the improved ReDoS mitigations in newer versions.
Ruby 3.1 is approaching its end of life for security support from Ruby upstream and is the only maintained version of Ruby still vulnerable to these attacks. Going forward we plan to continue to…
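
To triage a fleet against this announcement, the following added example (not code from the Rails project) classifies a Ruby/Rails version pair using only the version numbers stated above. The helper name `redos_exposure` and its status symbols are assumptions made for illustration, and the sample pairs are constructed.

```ruby
require "rubygems" # provides Gem::Version for correct multi-segment comparison

# Patched releases named in the announcement, keyed by Rails release series.
PATCHED_RAILS = {
  "6.1" => Gem::Version.new("6.1.7.9"),
  "7.0" => Gem::Version.new("7.0.8.5"),
  "7.1" => Gem::Version.new("7.1.4.1"),
  "7.2" => Gem::Version.new("7.2.1.1"),
}.freeze

# Per the announcement, only Ruby versions below 3.2 are affected.
UNAFFECTED_RUBY = Gem::Version.new("3.2")

# Hypothetical helper: returns a hash describing exposure for one deployment.
def redos_exposure(ruby_version, rails_version)
  ruby  = Gem::Version.new(ruby_version)
  rails = Gem::Version.new(rails_version)
  return { status: :not_affected, reason: "Ruby >= 3.2" } if ruby >= UNAFFECTED_RUBY

  # "7.1.3.4" -> "7.1"; the series decides which patched release applies.
  series  = rails.segments.first(2).join(".")
  patched = PATCHED_RAILS[series]
  if patched.nil?
    # The announcement names no patched release for this series; do not guess.
    { status: :unknown, reason: "no patched release listed for Rails #{series}" }
  elsif rails >= patched
    { status: :patched, reason: "Rails #{rails} includes the fixes" }
  else
    { status: :affected, upgrade_to: patched.to_s }
  end
end

# Constructed sample inventory: [ruby version, rails version]
[
  ["3.1.6", "7.1.4"],
  ["3.1.6", "7.1.4.1"],
  ["3.3.5", "6.1.7.8"],
  ["3.0.7", "6.0.6.1"],
].each do |ruby, rails|
  puts "ruby #{ruby} / rails #{rails}: #{redos_exposure(ruby, rails)}"
end
```

Inside an application, the same check can be fed `RUBY_VERSION` and `Rails.version`.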