sj26 / mailcatcher

Catches mail and serves it through a dream.
http://mailcatcher.me
MIT License

vulnerability in rack #488

Closed abhiram-ramesh closed 2 years ago

abhiram-ramesh commented 2 years ago

Hello,

The version of rack that mailcatcher is using has some critical vulnerabilities. Is there any plan to upgrade the rack version to 2.2.3?

https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Arack_project&cpe_product=cpe%3A%2F%3Arack_project%3Arack&cpe_version=cpe%3A%2F%3Arack_project%3Arack%3A1.6.13

sj26 commented 2 years ago

Thanks for reaching out!

Rack 2 is a big upgrade, I think.

There is a long-term effort to refactor mailcatcher to use async, decoupling it from eventmachine, thin, skinny, and sinatra, and then modernising from there.

MailCatcher is designed to be a local development tool, run and accessible only on localhost, so until then the linked vulnerabilities do not seem like a considerable threat.
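A small check for the two factors the thread turns on, the locked rack version and whether the listener is bound to loopback. This is an added example, not code from the thread or from MailCatcher itself; the Gemfile.lock text is a constructed sample and the `assess` helper is hypothetical.

```ruby
require "rubygems"
require "ipaddr"

# Constructed sample of a Gemfile.lock pinning the rack version the issue
# refers to (rack 1.6.13); replace with the contents of the real lockfile.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      eventmachine (1.2.7)
      mailcatcher (0.7.1)
        rack (~> 1.6)
      rack (1.6.13)
      thin (1.8.1)
LOCK

# Minimum rack version the reporter asked for.
RACK_MIN = Gem::Version.new("2.2.3")

# Return the resolved version of +gem_name+ from Gemfile.lock text, or nil.
# Resolved spec lines sit at a 4-space indent ("    rack (1.6.13)"); deeper
# dependency lines such as "      rack (~> 1.6)" carry a constraint, not a
# version, so only an exact "x.y.z" at that indent is accepted.
def locked_version(lockfile, gem_name)
  lockfile.each_line do |line|
    m = line.match(/^\s{4}#{Regexp.escape(gem_name)} \((\d+(?:\.\d+)*)\)\s*$/)
    return Gem::Version.new(m[1]) if m
  end
  nil
end

# True when the configured listen address is a loopback address (IPv4 or IPv6).
def loopback?(ip)
  IPAddr.new(ip).loopback?
rescue ArgumentError
  false
end

# Summarise exposure: an outdated rack matters far more when the listener is
# reachable from beyond the local machine.
def assess(lockfile, listen_ip)
  rack = locked_version(lockfile, "rack")
  outdated = rack.nil? || rack < RACK_MIN
  exposed = !loopback?(listen_ip)
  severity = if outdated && exposed then :high
             elsif outdated then :low
             else :none
             end
  { rack_version: rack&.to_s, outdated: outdated, exposed: exposed, severity: severity }
end
```

Run `assess(SAMPLE_LOCKFILE, "127.0.0.1")` for the localhost case the maintainer describes and `assess(SAMPLE_LOCKFILE, "0.0.0.0")` for a listener exposed on all interfaces.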