Pending Release Notes

Minor release: dependency and security updates (PostgreSQL, Rails, Rack, Nokogiri, OpenSSL, OpenResty) plus internal dependency alignment; no functional application feature changes.

Bug Fixes

• None in application code; fixes come via upstream dependency patches (see Security).

Enhancements

• Rails upgraded to 7.1.5.2 enabling newer framework capabilities and consistent versioning across main app and Fieri.

Packaging

• Fieri engine Rails version aligned (7.1.5.2) to remove version skew.
• Updated constraints for Rails, Rack, Nokogiri, PostgreSQL, OpenSSL to ensure reproducible secure builds.
• Update omnibus postgresql definition 13.18 → 13.22
• Major OpenSSL upgrade from 1.0.2zi → 3.2.4 with FIPS plugin 3.1.2 for FIPS compliance
• Upgrade OpenResty from 1.21 → 1.27.1.2 (includes nginx 1.21.4 → 1.27.1) with performance and security improvements
• Upgrade Rails framework from 7.0.8 → 7.1.5.2 with comprehensive dependency updates
• Update Ruby gems including Sprockets (4.0.3 → 4.2.2), Faraday (2.3.0 → 2.13.4), and testing frameworks

Security

• PostgreSQL 13.18 → 13.22
  • CVE-2025-1094
• Rails 7.0.8.7 → 7.1.5.2
  • CVE-2025-24293
• Rack 2.2.8 → 2.2.20
  • CVE-2025-61919
  • CVE-2025-61770
  • CVE-2025-61772
  • CVE-2025-61771
  • CVE-2025-59830
  • CVE-2025-46727
  • CVE-2025-27610
• Nokogiri 1.18.8 → 1.18.9
  • CVE-2025-49796
  • CVE-2025-49795
  • CVE-2025-49794
  • CVE-2025-6170
  • CVE-2025-6021
• OpenSSL 1.0.2zi → 3.2.4
• OpenSSL-FIPS 2.0.16 → 3.1.2
• OpenResty 1.21 → 1.27.1.2 (includes nginx 1.21.4 → 1.27.1)