Ruby-rack upgrade

As per the vulnerability scanner, the ruby-rack package is affected by multiple vulnerabilities.

Used Zammad version: 5.3.1-1673513898.e8e9d825.focal
Used Zammad installation type: (source)
Operating system: Ubuntu 20.04.5 LTS
Browser + version: Chrome + Version 113.0.5672.127 (Official Build) (64-bit)
Ruby Version : ruby 2.7.0p0 (2019-12-25 revision 647ee6f091) [x86_64-linux-gnu]

- Installed package: **ruby-rack_2.0.7-2ubuntu0.1**
- As per the suggestion, the fixed package is: **ruby-rack_2.0.7-2ubuntu0.1+esm2**

Please see the URL below:
https://ubuntu.com/security/notices/USN-5896-1

It is showing for Ubuntu Pro.

Please guide.

Zammad 5.3.1 is over 9 months old. Upgrade as per the documentation and release notes.

My bad, the version is

This is Zammad version 5.4.1-1685652268.d074a0f4.focal

You’re still outdated.

Will 6.0 resolve the issue?

Package installations of Zammad come with pre-bundled gems.

Gemfile.lock of the current stable:

And the current software requirements:
https://docs.zammad.org/en/latest/prerequisites/software.html

If you check the Ruby versions there, you’ll notice that you’re talking about a Ruby version not used by Zammad here.
