Skip to content

Bump puma from 4.3.3 to 4.3.5 in /.

George Koltsov requested to merge dependabot/bundler/dot-/master/puma-4.3.5 into master

Bumps puma from 4.3.3 to 4.3.5.

Changelog

Sourced from puma's changelog.

4.3.4/4.3.5 and 3.12.5/3.12.6 / 2020-05-22

Each patchlevel release contains a separate security fix. We recommend simply upgrading to 4.3.5/3.12.6.

  • Security
    • Fix: Fixed two separate HTTP smuggling vulnerabilities that used the Transfer-Encoding header. CVE-2020-11076 and CVE-2020-11077.
Commits

Merge request reports

Loading