From 45e53b74b2ad6f747d78b8ff0789cd11089fd19b Mon Sep 17 00:00:00 2001
From: Prem Sichanugrist
Date: Wed, 10 Mar 2021 21:52:59 +0900
Subject: [PATCH] Update activerecord-session_store advisory info
---
 gems/activerecord-session_store/CVE-2019-25025.yml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/gems/activerecord-session_store/CVE-2019-25025.yml b/gems/activerecord-session_store/CVE-2019-25025.yml
index 0cac5d56d3..4849910368 100644
--- a/gems/activerecord-session_store/CVE-2019-25025.yml
+++ b/gems/activerecord-session_store/CVE-2019-25025.yml
@@ -13,15 +13,16 @@ description: |
 amount of time. This is a related issue to CVE-2019-16782.
 ## Recommendation
- As of the publishing of this advisory, there is no official fix in place.
-
- An unofficial fix is described here:
- https://github.com/rails/activerecord-session_store/pull/151#issuecomment-631705247
+ Users should upgrade to `activerecord-session_store` version 2.0.0 or later.
 cvss_v3: 5.9
+patched_versions:
+ - ">= 2.0.0"
+
 related:
 cve:
 - 2019-16782
 url:
 - https://github.com/rails/activerecord-session_store/pull/151
+ - https://github.com/rails/activerecord-session_store/releases/tag/v2.0.0
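Review bot: The new recommendation line `Users should upgrade to activerecord-session_store version 2.0.0 or later.` tells readers only to bump the gem, and nothing in the hunk says whether session rows written by earlier versions are covered once the upgrade is installed. Because the advisory concerns a timing side channel on session-id lookup, a fix that changes how ids are stored or compared may leave pre-existing rows on the old path until they are migrated or expire; that is an inference, not something visible here, so it should be checked against the v2.0.0 release notes this commit adds under `related.url`. If such a step exists, add one sentence after the recommendation, for example `Sessions created before the upgrade may need to be migrated or expired; see the v2.0.0 release notes.` The `description` block starts above the hunk, so any affected-version wording there could not be checked against the new `patched_versions` entry.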