[security] release updated version of padrino-mailer which requires mail ~> 2.4.4 or higher #1083
Comments
Thanks man! I'll take care of it
Caught by bundler-audit :)
@postmodern Awesome!
I highly suggest using
Thanks @postmodern starred ;) I've tried to use
Alright, the dependency for mail was fixed. Going to close this, glad we got that updated.
Will there be a patch-level release or is the Padrino team aiming for 1.0.0?
Ah never mind, looks like you are targeting 0.11.0.
We are aiming right now for 0.11.0. I know we are not currently following semver perfectly but that will improve when we hit 1.0. Right now a 0.X.0 is reserved for substantial or breaking releases.
In my mind I see the roadmap as 0.11.0, 0.11.X and then a 0.12.X series which will be the bridge towards our 1.0 prerelease. Obviously open to discussion, but that's how I am currently hoping to see it play out. We have come a long way in 0.11.0 (probably too far without a release). I am updating the changelog and preparing a blog post for it now.
padrino-mailer is locked to mail ~> 2.3.0. Versions below 2.4.4 of the mail gem are vulnerable to CVE-2012-2139 and CVE-2012-2140.
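
Why the `~> 2.3.0` lock matters, as an added example (not code from this thread or from Padrino): the pessimistic operator caps the dependency below 2.4.0, so the resolver can never reach the patched 2.4.4. The helper name `classify_constraint` is hypothetical and the release list is a constructed sample, not an authoritative list of published mail versions.

```ruby
require "rubygems"

# Constructed sample of release numbers, for illustration only.
SAMPLE_RELEASES = %w[2.3.0 2.3.3 2.4.0 2.4.1 2.4.3 2.4.4 2.5.3].freeze

# Classify a dependency constraint against an advisory's patched range.
#   :forces_vulnerable - every release the constraint admits is unpatched
#   :allows_vulnerable - the resolver may pick a patched or an unpatched release
#   :requires_patched  - every release the constraint admits is patched
#   :unsatisfiable     - no release in the list matches the constraint
def classify_constraint(constraint, patched, releases = SAMPLE_RELEASES)
  dependency = Gem::Requirement.new(constraint)
  fixed      = Gem::Requirement.new(patched)

  admitted = releases.map { |v| Gem::Version.new(v) }
                     .select { |v| dependency.satisfied_by?(v) }
  return :unsatisfiable if admitted.empty?

  safe, unsafe = admitted.partition { |v| fixed.satisfied_by?(v) }
  if safe.empty?
    :forces_vulnerable
  elsif unsafe.empty?
    :requires_patched
  else
    :allows_vulnerable
  end
end

if __FILE__ == $PROGRAM_NAME
  # "~> 2.3.0" is the lock reported in this issue; "~> 2.4.4" is the
  # requested one; "~> 2.3" shows a looser constraint for comparison.
  ["~> 2.3.0", "~> 2.3", "~> 2.4.4"].each do |constraint|
    puts format("%-10s %s", constraint, classify_constraint(constraint, ">= 2.4.4"))
  end
end
```

A `:forces_vulnerable` result means `bundle update` alone cannot fix the application; the upstream gem has to relax or raise its constraint first, which is what this issue asks for.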