Consider Rails LTS 5.2.8.15 (#538)

https://makandracards.com/railslts/508019-rails-5-2-lts-changelog#section-jul-21st-2022-version-5-2-8-15

Author: tkdn

gems/actionpack/CVE-2023-22792.yml

@@ -12,7 +12,7 @@ description: |
 
   Versions Affected: >= 3.0.0
   Not affected: < 3.0.0
-  Fixed Versions: 6.1.7.1, 7.0.4.1
+  Fixed Versions: 5.2.8.15 (Rails LTS), 6.1.7.1, 7.0.4.1
 
   # Impact
 
@@ -32,5 +32,6 @@ description: |
 unaffected_versions:
 - "< 3.0.0"
 patched_versions:
+- "~> 5.2.8, >= 5.2.8.15" # Rails LTS
 - "~> 6.1.7, >= 6.1.7.1"
 - ">= 7.0.4.1"

gems/actionpack/CVE-2023-22795.yml

@@ -12,7 +12,7 @@ description: |-
 
   Versions Affected: All
   Not affected: None
-  Fixed Versions: 6.1.7.1, 7.0.4.1
+  Fixed Versions: 5.2.8.15 (Rails LTS), 6.1.7.1, 7.0.4.1
 
   # Impact
 
@@ -32,5 +32,6 @@ description: |-
 
   Users on Ruby 3.2.0 or greater are not affected by this vulnerability.
 patched_versions:
+- "~> 5.2.8, >= 5.2.8.15" # Rails LTS
 - "~> 6.1.7, >= 6.1.7.1"
 - ">= 7.0.4.1"

gems/activerecord/CVE-2022-44566.yml

@@ -13,7 +13,7 @@ description: |
 
   Versions Affected: All.
   Not affected: None.
-  Fixed Versions: 7.0.4.1, 6.1.7.1
+  Fixed Versions: 5.2.8.15 (Rails LTS), 6.1.7.1, 7.0.4.1
 
   # Impact
 
@@ -28,5 +28,6 @@ description: |
   Ensure that user supplied input which is provided to ActiveRecord clauses do
   not contain integers wider than a signed 64bit representation or floats.
 patched_versions:
+- "~> 5.2.8, >= 5.2.8.15" # Rails LTS
 - "~> 6.1.7, >= 6.1.7.1"
 - ">= 7.0.4.1"

gems/activesupport/CVE-2023-22796.yml

@@ -12,7 +12,7 @@ description: |-
 
   Versions Affected: All
   Not affected: None
-  Fixed Versions: 6.1.7.1, 7.0.4.1
+  Fixed Versions: 5.2.8.15 (Rails LTS), 6.1.7.1, 7.0.4.1
 
   # Impact
 
@@ -34,5 +34,6 @@ description: |-
   Users on Ruby 3.2.0 or greater may be able to reduce the impact by
   configuring Regexp.timeout.
 patched_versions:
+- "~> 5.2.8, >= 5.2.8.15" # Rails LTS
 - "~> 6.1.7, >= 6.1.7.1"
 - ">= 7.0.4.1"