Register | Log in

ruby-devise

Flexible authentication solution for Rails with Warden

Choose email to subscribe with

general

source: ruby-devise (main)
version: 4.8.1-1
maintainer: Debian Ruby Team (archive) (DMD)
uploaders: Pirate Praveen [DMD] – Markus Tornow [DMD]
arch: all
std-ver: 4.6.1
VCS: Git (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 4.7.3-2
oldstable: 4.8.1-1

versioned links

4.7.3-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.8.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

ruby-devise

package is gone

This package is not in any development repository. This probably means that the package has been removed (or has been renamed). Thus the information here is of little interest ... the package is going to disappear unless someone takes it over and reintroduces it.

action needed

Debci reports failed tests high

unstable: fail (log)
The tests ran in 0:01:21
Last run: 2025-04-10T05:43:24.000Z
Previous status: unknown

testing: pass (log)
The tests ran in 0:02:22
Last run: 2025-01-31T07:19:01.000Z
Previous status: unknown

stable: fail (log)
The tests ran in 0:00:17
Last run: 2025-08-11T03:58:11.000Z
Previous status: unknown

Created: 2025-03-25 Last update: 2026-03-30 18:01

No known security issue in bookworm wishlist

There is 1 open security issue in bookworm.

1 ignored issue:

CVE-2026-32700: Devise is an authentication solution for Rails based on Warden. Prior to version 5.0.3, a race condition in Devise's Confirmable module allows an attacker to confirm an email address they do not own. This affects any Devise application using the `reconfirmable` option (the default when using Confirmable with email changes). By sending two concurrent email change requests, an attacker can desynchronize the `confirmation_token` and `unconfirmed_email` fields. The confirmation token is sent to an email the attacker controls, but the `unconfirmed_email` in the database points to a victim's email address. When the attacker uses the token, the victim's email is confirmed on the attacker's account. This is patched in Devise v5.0.3. Users should upgrade as soon as possible. As a workaround, applications can override a specific method from Devise models to force `unconfirmed_email` to be persisted when unchanged. Note that Mongoid does not seem to respect that `will_change!` should force the attribute to be persisted, even if it did not really change, so the user might have to implement a workaround similar to Devise by setting `changed_attributes["unconfirmed_email"] = nil` as well.

Created: 2026-03-19 Last update: 2026-03-25 11:31

news

[2025-04-15] Removed 4.9.3-1 from unstable (Debian FTP Masters)
[2025-02-01] ruby-devise REMOVED from testing (Debian testing watch)
[2024-01-09] ruby-devise 4.9.3-1 MIGRATED to testing (Debian testing watch)
[2024-01-02] Accepted ruby-devise 4.9.3-1 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2023-10-19] ruby-devise 4.9.2-1 MIGRATED to testing (Debian testing watch)
[2023-10-16] Accepted ruby-devise 4.9.2-1 (source) into unstable (Aquila Macedo Costa) (signed by: Lucas Kanashiro)
[2022-10-11] ruby-devise 4.8.1-1 MIGRATED to testing (Debian testing watch)
[2022-10-08] Accepted ruby-devise 4.8.1-1 (source) into unstable (Mohammed Bilal)
[2021-03-24] ruby-devise 4.7.3-2 MIGRATED to testing (Debian testing watch)
[2021-03-04] Accepted ruby-devise 4.7.3-2 (source) into unstable (Lucas Kanashiro)
[2021-01-09] Accepted ruby-devise 4.7.3-1~bpo10+1 (source all) into buster-backports (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2020-12-05] ruby-devise 4.7.3-1 MIGRATED to testing (Debian testing watch)
[2020-12-03] Accepted ruby-devise 4.7.3-1 (source) into unstable (Sruthi Chandran)
[2020-08-09] ruby-devise 4.7.1-3 MIGRATED to testing (Debian testing watch)
[2020-08-06] Accepted ruby-devise 4.7.1-3 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2020-04-06] Accepted ruby-devise 4.7.1-2~bpo10+1 (source all) into buster-backports, buster-backports (Debian FTP Masters) (signed by: Praveen Arimbrathodiyil)
[2020-04-02] ruby-devise 4.7.1-2 MIGRATED to testing (Debian testing watch)
[2020-03-29] Accepted ruby-devise 4.7.1-2 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2020-03-13] Accepted ruby-devise 4.7.1-1 (source) into experimental (Sruthi Chandran) (signed by: Praveen Arimbrathodiyil)
[2019-11-23] ruby-devise 4.6.2-2 MIGRATED to testing (Debian testing watch)
[2019-11-19] Accepted ruby-devise 4.6.2-2 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2019-05-24] ruby-devise 4.5.0-3 MIGRATED to testing (Debian testing watch)
[2019-05-21] Accepted ruby-devise 4.5.0-3 (source) into unstable (Utkarsh Gupta)
[2019-05-21] Accepted ruby-devise 4.6.2-1 (source) into experimental (Utkarsh Gupta)
[2019-03-10] ruby-devise 4.5.0-2 MIGRATED to testing (Debian testing watch)
[2019-02-27] Accepted ruby-devise 4.5.0-2 (source) into unstable (Antonio Terceiro)
[2019-01-06] ruby-devise 4.5.0-1 MIGRATED to testing (Debian testing watch)
[2018-12-31] Accepted ruby-devise 4.5.0-1 (source) into unstable (Utkarsh Gupta) (signed by: Praveen Arimbrathodiyil)
[2018-05-15] Accepted ruby-devise 4.4.3-1~bpo9+1 (source all) into stretch-backports, stretch-backports (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-03-27] ruby-devise 4.4.3-1 MIGRATED to testing (Debian testing watch)

1
2

bugs [bug history graph]

all: 0

links

homepage
buildd: logs
popcon
browse source code
edit tags
other distros
security tracker
debci

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing