Skip to content

Bump puma from 8.0.1 to 8.0.2 in /docs#406

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bundler/docs/puma-8.0.2
Open

Bump puma from 8.0.1 to 8.0.2 in /docs#406
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bundler/docs/puma-8.0.2

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 31, 2026
edited
Loading

Bumps puma from 8.0.1 to 8.0.2.

Release notes

Sourced from puma's releases.

v8.0.2

  • Bugfixes
    • Anchor PROXY protocol v1 regex to string start and enforce max line length to prevent injection via crafted request bodies (#3944)
    • Parse PROXY protocol header only on the first request per connection to prevent spoofing on keep-alive connections (#3944)

Security advisories

Changelog

Sourced from puma's changelog.

8.0.2 / 2026-05-27

  • Bugfixes
    • Anchor PROXY protocol v1 regex to string start and enforce max line length to prevent injection via crafted request bodies (#3944)
    • Parse PROXY protocol header only on the first request per connection to prevent spoofing on keep-alive connections (#3944)
Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code labels May 31, 2026
@dependabot dependabot Bot requested a review from cirdes as a code owner May 31, 2026 10:04
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code labels May 31, 2026
@dependabot
Bump puma from 8.0.1 to 8.0.2 in /docs
504acee 
Bumps [puma](https://github.com/puma/puma) from 8.0.1 to 8.0.2.
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/main/History.md)
- [Commits](puma/puma@v8.0.1...v8.0.2)

---
updated-dependencies:
- dependency-name: puma
  dependency-version: 8.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/bundler/docs/puma-8.0.2 branch from fa8feeb to 504acee Compare June 1, 2026 15:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cirdes cirdes cirdes approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@cirdes