[ANN] mechanize security update v2.8.5

Mike Dalessio

Jun 9, 2022, 2:14:47 PM
to ruby-sec...@googlegroups.com, ruby-talk
Mechanize v2.8.5 has been released with a security update.

The release notes are reproduced below for your convenience.

The GHSA has more detail, but in summary: this fix ensures `Authorization` headers are not sent after a same-site redirect that changes the port number.

---

2.8.5 / 2022-06-09

Security

Fixes low-severity CVE-2022-31033, "Authorization header leak on port redirect." See GHSA-64qm-hrgp-pgr9 for more details.
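
The check the announcement describes, sketched as an added example that is not part of the original post and is not mechanize's own code: an HTTP client should compare the full origin (scheme, host and port) before carrying `Authorization` across a redirect. The helper names and the `app.example.test` URLs are hypothetical, and the token is constructed.

```ruby
require "uri"

# Headers that must not follow a redirect to a different origin.
# Only Authorization is listed because that is the header the advisory names.
SENSITIVE_HEADERS = %w[authorization].freeze

# Origin tuple: scheme, host, effective port. URI#port fills in the scheme's
# default (80/443) when none is written, so "https://h/" and "https://h:443/"
# compare equal while "https://h:8443/" does not.
def origin_of(uri)
  uri = URI(uri) unless uri.is_a?(URI::Generic)
  [uri.scheme&.downcase, uri.host&.downcase, uri.port]
end

def same_origin?(from, to)
  origin_of(from) == origin_of(to)
end

# Given the headers of the original request, the URL that was requested and
# the Location value of the redirect response, return the resolved target and
# the headers that are safe to send to it.
def headers_for_redirect(headers, from, location)
  target = URI.join(from.to_s, location) # resolves relative Location values
  return [target, headers.dup] if same_origin?(from, target)

  kept = headers.reject do |name, _value|
    SENSITIVE_HEADERS.include?(name.to_s.downcase)
  end
  [target, kept]
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample request and redirect targets.
  request_headers = { "Authorization" => "Bearer constructed-token",
                      "Accept" => "*/*" }
  from = "https://app.example.test/login"

  ["/home",
   "https://app.example.test:443/home",
   "https://app.example.test:8443/callback",
   "http://app.example.test/home"].each do |location|
    target, sent = headers_for_redirect(request_headers, from, location)
    puts "#{target} -> #{sent.keys.join(', ')}"
  end
end
```

A comparison that looks only at the host name treats the `:8443` target as the same destination, which is the leak the advisory title describes.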

