New end-of-support dates for Rails #1865

Merged 1 commit, Aug 28, 2024

presidentbeef
Owner

From https://rubyonrails.org/maintenance

List of currently supported releases
7.2.x - Supported until August 9, 2026
7.1.x - Supported until October 1, 2025
7.0.x - Supported until April 1, 2025
6.1.x - Supported until October 1, 2024

dryrunsecurity bot commented Aug 23, 2024

DryRun Security Summary

The provided code change updates the Brakeman application security tool to include the end-of-life (EOL) dates for newer versions of the Ruby on Rails framework, ensuring that the tool can accurately detect and alert developers when an application is using an unsupported version of Rails, which is crucial for maintaining secure Ruby on Rails applications.

Summary:

The code change you provided is an update to the lib/brakeman/checks/check_eol_rails.rb file, which is part of the Brakeman application security tool. The purpose of this change is to update the list of end-of-life (EOL) dates for various versions of the Ruby on Rails framework. This is an important security consideration, as using an unsupported version of Rails can expose an application to known vulnerabilities that may not be addressed by the framework maintainers.

The key changes in this patch include the addition of new EOL dates for Rails versions 6.1, 7.0, 7.1, and 7.2, as well as the inclusion of two references to external resources: the official Ruby on Rails maintenance policy and the End of Life Date website. These updates ensure that the Brakeman tool can accurately detect when an application is using an unsupported version of Rails and alert the developers accordingly, which is a crucial aspect of maintaining secure Ruby on Rails applications.

Files Changed:

  • lib/brakeman/checks/check_eol_rails.rb: This file is part of the Brakeman application security tool and is responsible for checking the end-of-life (EOL) status of the Ruby on Rails framework used in an application. The changes in this patch update the list of EOL dates for various Rails versions, including 6.1, 7.0, 7.1, and 7.2. Additionally, the patch includes references to external resources that provide more information about the Rails maintenance policy and EOL dates.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

@presidentbeef presidentbeef merged commit f99539b into main Aug 28, 2024
18 checks passed
@presidentbeef presidentbeef deleted the update_eol_dates_for_rails branch August 28, 2024 21:40
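
The kind of check these dates feed, as an added example that is not Brakeman's code and not part of this pull request: it reads the resolved Rails version from Gemfile.lock text and classifies it against the four dates quoted in the description. The sample lockfile, the method names, the 60-day warning window and treating the listed date itself as still supported are assumptions made for the example.

```ruby
require "date"

# End-of-support dates as quoted in the pull request description.
RAILS_EOL = {
  "7.2" => Date.new(2026, 8, 9),
  "7.1" => Date.new(2025, 10, 1),
  "7.0" => Date.new(2025, 4, 1),
  "6.1" => Date.new(2024, 10, 1),
}.freeze

# Constructed sample input, not taken from any real application.
SAMPLE_LOCKFILE = <<LOCK
GEM
  remote: https://rubygems.org/
  specs:
    actionpack (7.0.8)
    rails (7.0.8)
      actionpack (= 7.0.8)

DEPENDENCIES
  rails (~> 7.0)
LOCK

# Resolved gems sit at exactly four spaces of indent under "specs:".
# Dependency constraints ("rails (~> 7.0)") use a different indent and
# start with an operator, so they never match.
def locked_rails_version(lockfile_text)
  lockfile_text[/^ {4}rails \((\d+\.\d+\.\d+[^)]*)\)$/, 1]
end

# Classify a version string. warn_days is a hypothetical threshold; the
# listed date itself is assumed to still count as supported.
def rails_support_status(version, today: Date.today, warn_days: 60)
  return { status: :unknown } if version.nil?
  series = version.split(".").first(2).join(".")
  eol = RAILS_EOL[series]
  return { status: :unknown, series: series } unless eol # not in the table
  days_left = (eol - today).to_i
  status = if days_left < 0 then :unsupported
           elsif days_left <= warn_days then :ending_soon
           else :supported
           end
  { status: status, series: series, eol: eol, days_left: days_left }
end

result = rails_support_status(locked_rails_version(SAMPLE_LOCKFILE))
puts "rails #{result[:series]}: #{result[:status]} (EOL #{result[:eol]})"
```

A series missing from the table returns `:unknown` rather than `:supported`, so an older or unlisted release is surfaced for review instead of passing silently.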