You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to ruby-sec...@googlegroups.com, ruby-talk
Mechanize v2.8.5 has been released with a security update.
The release notes are reproduced below for your convenience.
The GHSA has more detail, but in summary: this fix ensures `Authorization` headers are not sent after a same-site redirect that changes the port number.
---
2.8.5 / 2022-06-09
Security
Fixes low-severity CVE-2022-31033, "Authorization header leak on port redirect." See GHSA-64qm-hrgp-pgr9 for more details.