Closed jrm213 closed 6 months ago
I haven't done really anything with canvas, but I think you need to follow the security policy.
https://github.com/instructure/canvas-lms/commit/4faf94fda3128228ddb2c718db045c7c6ffd063c updates to the latest rack that addresses security issues. If you don't trust that Rack 2.2.8.1 properly addressed them, but 3.0.9.1 does, then you can enable Rails 7.1 support by doing `echo 7.1 > config/RAILS_VERSION`. Note that Rails 7.1 is not yet enabled by default, but as of the current master branch all tests are passing.
Summary:
installed Canvas-LMS via the docker method on Ubuntu 20.04 - causes reported 10.0 CVE vulnerability against ruby-rack
Steps to reproduce:
Expected behavior:
no critical or high CVE bugs introduced
Actual behavior:
critical vulnerability reported: https://ubuntu.com/security/notices/USN-5896-1
Additional notes:
Can ruby rack 3.? be used instead of 2.? without causing issues? If so can the docker container be updated to reflect it? If this is the wrong place to report/discuss this, I couldn't find anywhere else.
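One way to confirm which rack version a checkout actually resolves, compared against the two versions named in the reply above. This is an added example, not code from the thread or from the Canvas project; the lockfile excerpt is constructed, and the helper names and the per-release-line table are assumptions of the example.

```ruby
require "rubygems" # Gem::Version compares four-segment versions such as 2.2.8.1

# Minimum versions per release line, as named in the reply above (not verified here).
MIN_RACK = {
  "2.2" => Gem::Version.new("2.2.8.1"),
  "3.0" => Gem::Version.new("3.0.9.1")
}.freeze

# Constructed Gemfile.lock excerpt, for illustration only.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (2.2.6.2)
      rack-test (2.1.0)
        rack (>= 1.3)
LOCK

# Resolved gems sit at exactly four spaces of indent; deeper lines are
# dependency constraints and must not be mistaken for the pinned version.
def resolved_rack_version(lock_text)
  match = lock_text.match(/^ {4}rack \((\d[^\s)]*)\)\s*$/)
  match && Gem::Version.new(match[1])
end

# Returns :missing, :outdated, :ok, or :unlisted_line (a release line the
# table does not cover, which needs a manual check).
def rack_status(lock_text)
  version = resolved_rack_version(lock_text)
  return :missing unless version

  line = version.segments.first(2).join(".")
  minimum = MIN_RACK[line]
  return :unlisted_line unless minimum

  version >= minimum ? :ok : :outdated
end

if __FILE__ == $PROGRAM_NAME
  path = ARGV[0]
  # Fall back to the constructed sample when no lockfile path is given.
  text = path && File.file?(path) ? File.read(path) : SAMPLE_LOCK
  puts "rack: #{resolved_rack_version(text) || 'not found'} -> #{rack_status(text)}"
end
```

Pass the path to a lockfile as the first argument; without one, the script reports on the constructed sample.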