In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests. Reference: https://github.com/rails/rails/commit/f9a2ad03943d5c2ba54e1d45f155442b519c75da https://github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9
Created rubygem-actionpack tracking bugs for this issue: Affects: fedora-all [bug 2063150]
This issue has been addressed in the following products: Red Hat Satellite 6.11 for RHEL 7 Red Hat Satellite 6.11 for RHEL 8 Via RHSA-2022:5498 https://access.redhat.com/errata/RHSA-2022:5498
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-23633