Ruby on Rails-Server-Version end-of-life

[Erik Wölfel]

Dear Gocd-People,

first of all we love gocd and admire your work :-)

Our security system mentions gocd using end-of-life software having the ruby on rails-server on version 6.1.7.6 which will be out of security support in half a year (1st June 24, https://endoflife.date/rails)

Are there any plans on upgrading to the latest version 7.1?

[Chad Wilson]

Hiya Erik

Plans, yes: https://github.com/gocd/gocd/pull/12077 - but it's not EOL quite yet :P. Arguably there are riskier pieces of EOL software within GoCD than Rails right now (Spring Security, Spring Framework) and if things get messy I'm more inclined to focus on pieces with better risk/effort ratios.

The main "messiness" blocker with Rails 7+ right now is that GoCD currently relies on jruby-rack which is very lightly maintained and Rack's Rails integration, and seems to be broken in some way with Rails 7. It's not exactly my personal core expertise, so if anyone has some clue with Ruby/Rails/Rack these days, help would be appreciated. What is confusing to me may be simple to you!

Unfortunately, there are not too many "GoCD people" actively working on things left to speak of :-)

-Chad

--
You received this message because you are subscribed to the Google Groups "go-cd" group.
To unsubscribe from this group and stop receiving emails from it, send an email to go-cd+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/go-cd/96cadc38-e56b-4812-8b37-27ac8fe189f3n%40googlegroups.com.

[Erik Wölfel]

Hey Chad,

thanks for the answer. Unfortunately we are no ruby experts at all.

The SpringSec-Issues are news to us, we could support with those.

Team Hopper

OTTO