Update CVE-2019-25025 for activerecord-session_store now that a fix has been released (#463)

sikachu · web-flow · commit 3443c060b29d · 2021-03-10T12:29:28.000-08:00
diff --git a/gems/activerecord-session_store/CVE-2019-25025.yml b/gems/activerecord-session_store/CVE-2019-25025.yml
@@ -13,15 +13,16 @@ description: |
   amount of time. This is a related issue to CVE-2019-16782.
 
   ## Recommendation
-  As of the publishing of this advisory, there is no official fix in place.
-
-  An unofficial fix is described here:
-  https://github.com/rails/activerecord-session_store/pull/151#issuecomment-631705247
+  Users should upgrade to `activerecord-session_store` version 2.0.0 or later.
 
 cvss_v3: 5.9
 
+patched_versions:
+  - ">= 2.0.0"
+
 related:
   cve:
     - 2019-16782
   url:
     - https://github.com/rails/activerecord-session_store/pull/151
+    - https://github.com/rails/activerecord-session_store/releases/tag/v2.0.0
