Skip to content

actionpack: Relax rack version limit#2

Open
jdbann wants to merge 2 commits into
4-2-stablefrom
sc-112346-relax-rack-limits
Open

actionpack: Relax rack version limit#2
jdbann wants to merge 2 commits into
4-2-stablefrom
sc-112346-relax-rack-limits

Conversation

@jdbann

@jdbann jdbann commented Jun 8, 2026
edited
Loading

Copy link
Copy Markdown

Rack versions < 2.2.3 have security vulnerabilities and actionpack pins the rack version to ~> 1.6. Relaxing this should allow us to update in other places but closer testing in consuming apps will be necessary.

The changes in actionpack are from a combination of the following commits:

  • 51211a9 - point at rack master
    • Rack constants were moved in v2
  • 529136d - stop inheriting from Rack::Request
    • Rack request API changed in v2 so actionpack no longer inherits, including the helpers instead
    • Including earlier changes to use get_header instead of env seemed excessive, so the rename to fetch_header is not applied here

@jdbann
actionpack: Relax rack version limit
cae7a2d 
Rack versions <2.2.3 have security vulnerabilities and actionpack pins
the rack version to ~>1.6. Relaxing this should allow us to update in
other places but closer testing in consuming apps will be necessary.
@jdbann jdbann force-pushed the sc-112346-relax-rack-limits branch from 79880e6 to 14677ed Compare June 9, 2026 11:17
@jdbann jdbann force-pushed the sc-112346-relax-rack-limits branch from 14677ed to 385e764 Compare June 9, 2026 15:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jdbann