Bump puma from 4.3.3 to 4.3.5 (!15) · Merge requests · multiple-projects / imported-project-fe3943d781f2a90b

James Nutt requested to merge dependabot-bundler-puma-4.3.5 into master Jun 27, 2020

Bumps puma from 4.3.3 to 4.3.5.

Changelog

4.3.4/4.3.5 and 3.12.5/3.12.6 / 2020-05-22

Each patchlevel release contains a separate security fix. We recommend simply upgrading to 4.3.5/3.12.6.

Security

Fix: Fixed two separate HTTP smuggling vulnerabilities that used the Transfer-Encoding header. CVE-2020-11076 and CVE-2020-11077.

Commits

See full diff in compare view

Admin message

Admin message

Bump puma from 4.3.3 to 4.3.5

4.3.4/4.3.5 and 3.12.5/3.12.6 / 2020-05-22

Merge request reports