upgrading rails issue (Could not find gem 'rails (~> 5.2.8, >= 5.2.8.15)' in rubygems repository htt

Publish date: 2024-06-16

So, I have the following security vulnerability in activesupport, activerecord and actionpack.

Name: actionpack Version: 5.2.8.1 CVE: CVE-2023-22792 GHSA: GHSA-p84v-45xj-wwqj Criticality: Unknown URL: https://github.com/rails/rails/releases/tag/v7.0.4.1 Title: ReDoS based DoS vulnerability in Action Dispatch Solution: upgrade to '~> 5.2.8, >= 5.2.8.15', '~> 6.1.7, >= 6.1.7.1', '>= 7.0.4.1' Name: activerecord Version: 5.2.8.1 CVE: CVE-2022-44566 GHSA: GHSA-579w-22j4-4749 Criticality: Unknown URL: https://github.com/rails/rails/releases/tag/v7.0.4.1 Title: Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter Solution: upgrade to '~> 5.2.8, >= 5.2.8.15', '~> 6.1.7, >= 6.1.7.1', '>= 7.0.4.1' Name: activesupport Version: 5.2.8.1 CVE: CVE-2023-22796 GHSA: GHSA-j6gc-792m-qgm2 Criticality: Unknown URL: https://github.com/rails/rails/releases/tag/v7.0.4.1 Title: ReDoS based DoS vulnerability in Active Support’s underscore Solution: upgrade to '~> 5.2.8, >= 5.2.8.15', '~> 6.1.7, >= 6.1.7.1', '>= 7.0.4.1'

my rails version from gemfile

gem 'rails', '~> 5.2.8', '>= 5.2.8.1'

as the solution suggests upgrade to '~> 5.2.8, >= 5.2.8.15' seems to be the next step. so I changed the gemfile as follows:

gem 'rails', '~> 5.2.8', '>= 5.2.8.15'

and then bundle install' | I've also done bundle update` which produces the same output as the following

Fetching gem metadata from https://rubygems.org/.......... Could not find gem 'rails (~> 5.2.8, >= 5.2.8.15)' in rubygems repository https://rubygems.org/ or installed locally. The source contains the following gems matching 'rails': * rails-0.8.0 * rails-0.8.5 * rails-0.9.0 * rails-0.9.1 * rails-0.9.2 * rails-0.9.3 * rails-0.9.4 * rails-0.9.4.1 * rails-0.9.5 * rails-0.10.0 * rails-0.10.1 * rails-0.11.0 * rails-0.11.1 * rails-0.12.0 * rails-0.12.1 * rails-0.13.0 * rails-0.13.1 * rails-0.14.1 * rails-0.14.2 * rails-0.14.3 * rails-0.14.4 * rails-1.0.0 * rails-1.1.0 * rails-1.1.1 * rails-1.1.2 * rails-1.1.3 * rails-1.1.4 * rails-1.1.5 * rails-1.1.6 * rails-1.2.0 * rails-1.2.1 * rails-1.2.2 * rails-1.2.3 * rails-1.2.4 * rails-1.2.5 * rails-1.2.6 * rails-2.0.0 * rails-2.0.1 * rails-2.0.2 * rails-2.0.4 * rails-2.0.5 * rails-2.1.0 * rails-2.1.1 * rails-2.1.2 * rails-2.2.2 * rails-2.2.3 * rails-2.3.2 * rails-2.3.3 * rails-2.3.4 * rails-2.3.5 * rails-2.3.6 * rails-2.3.7 * rails-2.3.8.pre1 * rails-2.3.8 * rails-2.3.9.pre * rails-2.3.9 * rails-2.3.10 * rails-2.3.11 * rails-2.3.12 * rails-2.3.14 * rails-2.3.15 * rails-2.3.16 * rails-2.3.17 * rails-2.3.18 * rails-3.0.0.beta * rails-3.0.0.beta2 * rails-3.0.0.beta3 * rails-3.0.0.beta4 * rails-3.0.0.rc * rails-3.0.0.rc2 * rails-3.0.0 * rails-3.0.1 * rails-3.0.2 * rails-3.0.3 * rails-3.0.4.rc1 * rails-3.0.4 * rails-3.0.5.rc1 * rails-3.0.5 * rails-3.0.6.rc1 * rails-3.0.6.rc2 * rails-3.0.6 * rails-3.0.7.rc1 * rails-3.0.7.rc2 * rails-3.0.7 * rails-3.0.8.rc1 * rails-3.0.8.rc2 * rails-3.0.8.rc4 * rails-3.0.8 * rails-3.0.9.rc1 * rails-3.0.9.rc3 * rails-3.0.9.rc4 * rails-3.0.9.rc5 * rails-3.0.9 * rails-3.0.10.rc1 * rails-3.0.10 * rails-3.0.11 * rails-3.0.12.rc1 * rails-3.0.12 * rails-3.0.13.rc1 * rails-3.0.13 * rails-3.0.14 * rails-3.0.15 * rails-3.0.16 * rails-3.0.17 * rails-3.0.18 * rails-3.0.19 * rails-3.0.20 * rails-3.1.0.beta1 * rails-3.1.0.rc1 * rails-3.1.0.rc2 * rails-3.1.0.rc3 * rails-3.1.0.rc4 * rails-3.1.0.rc5 * rails-3.1.0.rc6 * rails-3.1.0.rc8 * rails-3.1.0 * rails-3.1.1.rc1 * rails-3.1.1.rc2 * rails-3.1.1.rc3 * rails-3.1.1 * rails-3.1.2.rc1 * rails-3.1.2.rc2 * rails-3.1.2 * rails-3.1.3 * rails-3.1.4.rc1 * rails-3.1.4 * rails-3.1.5.rc1 * rails-3.1.5 * rails-3.1.6 * rails-3.1.7 * rails-3.1.8 * rails-3.1.9 * rails-3.1.10 * rails-3.1.11 * rails-3.1.12 * rails-3.2.0.rc1 * rails-3.2.0.rc2 * rails-3.2.0 * rails-3.2.1 * rails-3.2.2.rc1 * rails-3.2.2 * rails-3.2.3.rc1 * rails-3.2.3.rc2 * rails-3.2.3 * rails-3.2.4.rc1 * rails-3.2.4 * rails-3.2.5 * rails-3.2.6 * rails-3.2.7.rc1 * rails-3.2.7 * rails-3.2.8.rc1 * rails-3.2.8.rc2 * rails-3.2.8 * rails-3.2.9.rc1 * rails-3.2.9.rc2 * rails-3.2.9.rc3 * rails-3.2.9 * rails-3.2.10 * rails-3.2.11 * rails-3.2.12 * rails-3.2.13.rc1 * rails-3.2.13.rc2 * rails-3.2.13 * rails-3.2.14.rc1 * rails-3.2.14.rc2 * rails-3.2.14 * rails-3.2.15.rc1 * rails-3.2.15.rc2 * rails-3.2.15.rc3 * rails-3.2.15 * rails-3.2.16 * rails-3.2.17 * rails-3.2.18 * rails-3.2.19 * rails-3.2.20 * rails-3.2.21 * rails-3.2.22 * rails-3.2.22.1 * rails-3.2.22.2 * rails-3.2.22.3 * rails-3.2.22.4 * rails-3.2.22.5 * rails-4.0.0.beta1 * rails-4.0.0.rc1 * rails-4.0.0.rc2 * rails-4.0.0 * rails-4.0.1.rc1 * rails-4.0.1.rc2 * rails-4.0.1.rc3 * rails-4.0.1.rc4 * rails-4.0.1 * rails-4.0.2 * rails-4.0.3 * rails-4.0.4.rc1 * rails-4.0.4 * rails-4.0.5 * rails-4.0.6.rc1 * rails-4.0.6.rc2 * rails-4.0.6.rc3 * rails-4.0.6 * rails-4.0.7 * rails-4.0.8 * rails-4.0.9 * rails-4.0.10.rc1 * rails-4.0.10.rc2 * rails-4.0.10 * rails-4.0.11 * rails-4.0.11.1 * rails-4.0.12 * rails-4.0.13.rc1 * rails-4.0.13 * rails-4.1.0.beta1 * rails-4.1.0.beta2 * rails-4.1.0.rc1 * rails-4.1.0.rc2 * rails-4.1.0 * rails-4.1.1 * rails-4.1.2.rc1 * rails-4.1.2.rc2 * rails-4.1.2.rc3 * rails-4.1.2 * rails-4.1.3 * rails-4.1.4 * rails-4.1.5 * rails-4.1.6.rc1 * rails-4.1.6.rc2 * rails-4.1.6 * rails-4.1.7 * rails-4.1.7.1 * rails-4.1.8 * rails-4.1.9.rc1 * rails-4.1.9 * rails-4.1.10.rc1 * rails-4.1.10.rc2 * rails-4.1.10.rc3 * rails-4.1.10.rc4 * rails-4.1.10 * rails-4.1.11 * rails-4.1.12.rc1 * rails-4.1.12 * rails-4.1.13.rc1 * rails-4.1.13 * rails-4.1.14.rc1 * rails-4.1.14.rc2 * rails-4.1.14 * rails-4.1.14.1 * rails-4.1.14.2 * rails-4.1.15.rc1 * rails-4.1.15 * rails-4.1.16.rc1 * rails-4.1.16 * rails-4.2.0.beta1 * rails-4.2.0.beta2 * rails-4.2.0.beta3 * rails-4.2.0.beta4 * rails-4.2.0.rc1 * rails-4.2.0.rc2 * rails-4.2.0.rc3 * rails-4.2.0 * rails-4.2.1.rc1 * rails-4.2.1.rc2 * rails-4.2.1.rc3 * rails-4.2.1.rc4 * rails-4.2.1 * rails-4.2.2 * rails-4.2.3.rc1 * rails-4.2.3 * rails-4.2.4.rc1 * rails-4.2.4 * rails-4.2.5.rc1 * rails-4.2.5.rc2 * rails-4.2.5 * rails-4.2.5.1 * rails-4.2.5.2 * rails-4.2.6.rc1 * rails-4.2.6 * rails-4.2.7.rc1 * rails-4.2.7 * rails-4.2.7.1 * rails-4.2.8.rc1 * rails-4.2.8 * rails-4.2.9.rc1 * rails-4.2.9.rc2 * rails-4.2.9 * rails-4.2.10.rc1 * rails-4.2.10 * rails-4.2.11 * rails-4.2.11.1 * rails-4.2.11.2 * rails-4.2.11.3 * rails-5.0.0.beta1 * rails-5.0.0.beta1.1 * rails-5.0.0.beta2 * rails-5.0.0.beta3 * rails-5.0.0.beta4 * rails-5.0.0.racecar1 * rails-5.0.0.rc1 * rails-5.0.0.rc2 * rails-5.0.0 * rails-5.0.0.1 * rails-5.0.1.rc1 * rails-5.0.1.rc2 * rails-5.0.1 * rails-5.0.2.rc1 * rails-5.0.2 * rails-5.0.3 * rails-5.0.4.rc1 * rails-5.0.4 * rails-5.0.5.rc1 * rails-5.0.5.rc2 * rails-5.0.5 * rails-5.0.6.rc1 * rails-5.0.6 * rails-5.0.7 * rails-5.0.7.1 * rails-5.0.7.2 * rails-5.1.0.beta1 * rails-5.1.0.rc1 * rails-5.1.0.rc2 * rails-5.1.0 * rails-5.1.1 * rails-5.1.2.rc1 * rails-5.1.2 * rails-5.1.3.rc1 * rails-5.1.3.rc2 * rails-5.1.3.rc3 * rails-5.1.3 * rails-5.1.4.rc1 * rails-5.1.4 * rails-5.1.5.rc1 * rails-5.1.5 * rails-5.1.6 * rails-5.1.6.1 * rails-5.1.6.2 * rails-5.1.7.rc1 * rails-5.1.7 * rails-5.2.0.beta1 * rails-5.2.0.beta2 * rails-5.2.0.rc1 * rails-5.2.0.rc2 * rails-5.2.0 * rails-5.2.1.rc1 * rails-5.2.1 * rails-5.2.1.1 * rails-5.2.2.rc1 * rails-5.2.2 * rails-5.2.2.1 * rails-5.2.3.rc1 * rails-5.2.3 * rails-5.2.4.rc1 * rails-5.2.4 * rails-5.2.4.1 * rails-5.2.4.2 * rails-5.2.4.3 * rails-5.2.4.4 * rails-5.2.4.5 * rails-5.2.4.6 * rails-5.2.5 * rails-5.2.6 * rails-5.2.6.1 * rails-5.2.6.2 * rails-5.2.6.3 * rails-5.2.7 * rails-5.2.7.1 * rails-5.2.8 * rails-5.2.8.1 * rails-6.0.0.beta1 * rails-6.0.0.beta2 * rails-6.0.0.beta3 * rails-6.0.0.rc1 * rails-6.0.0.rc2 * rails-6.0.0 * rails-6.0.1.rc1 * rails-6.0.1 * rails-6.0.2.rc1 * rails-6.0.2.rc2 * rails-6.0.2 * rails-6.0.2.1 * rails-6.0.2.2 * rails-6.0.3.rc1 * rails-6.0.3 * rails-6.0.3.1 * rails-6.0.3.2 * rails-6.0.3.3 * rails-6.0.3.4 * rails-6.0.3.5 * rails-6.0.3.6 * rails-6.0.3.7 * rails-6.0.4 * rails-6.0.4.1 * rails-6.0.4.2 * rails-6.0.4.3 * rails-6.0.4.4 * rails-6.0.4.5 * rails-6.0.4.6 * rails-6.0.4.7 * rails-6.0.4.8 * rails-6.0.5 * rails-6.0.5.1 * rails-6.0.6 * rails-6.0.6.1 * rails-6.1.0.rc1 * rails-6.1.0.rc2 * rails-6.1.0 * rails-6.1.1 * rails-6.1.2 * rails-6.1.2.1 * rails-6.1.3 * rails-6.1.3.1 * rails-6.1.3.2 * rails-6.1.4 * rails-6.1.4.1 * rails-6.1.4.2 * rails-6.1.4.3 * rails-6.1.4.4 * rails-6.1.4.5 * rails-6.1.4.6 * rails-6.1.4.7 * rails-6.1.5 * rails-6.1.5.1 * rails-6.1.6 * rails-6.1.6.1 * rails-6.1.7 * rails-6.1.7.1 * rails-6.1.7.2 * rails-7.0.0.alpha1 * rails-7.0.0.alpha2 * rails-7.0.0.rc1 * rails-7.0.0.rc2 * rails-7.0.0.rc3 * rails-7.0.0 * rails-7.0.1 * rails-7.0.2 * rails-7.0.2.1 * rails-7.0.2.2 * rails-7.0.2.3 * rails-7.0.2.4 * rails-7.0.3 * rails-7.0.3.1 * rails-7.0.4 * rails-7.0.4.1 * rails-7.0.4.2

What am I doing wrong. how can i upgrade those three (activesupport, activerecord and actionpack)?

1

2 Answers

The version 5.2.8.15 is referring to a RailsLTS release. They offer extended support and security fixes for old Rails libraries.

After defining new rules and versions in your Gemfile, run:

bundle update rails

This will update all direct dependencies of Rails too.

But! be sure the version exists on RubyGems: https://rubygems.org/gems/rails/versions (it seems that v5.2.8.15 does not exist).

ncG1vNJzZmirpJawrLvVnqmfpJ%2Bse6S7zGiorp2jqbawutJobm5sYGqEcYGOrqegqpGZtq%2BzjKuYoqSjYra0v9SeZJynpaGxbrrOrWSfoZ6ZeqixzGapmqGcqHp2eZFmb2ZtXWd6eXmQbmSipl2nwqM%3D