Comment # 6 on bug 1174315 from Xabier Arbulu

Hi Markus, Dario,

This bug doesn't look like has an easy solution. `puma` package upgrade was
needed to fix multiple CVEs in any case.

I have checked and the new `puma` version we released (`4.3.5`) doesn't look
like has any non backward compatibility (according the changelog).

In the case we patch `railties` to allow the usage of this version, only this
change, would this break already existing apps as you say Markus?

Actually, I see that we have two rails versions packaged: 5.1 and 5.2, and this
issue is affecting both I guess.

We can maybe some tests around this:
1. Create app with current rails version (and using old puma too). Upgrade
rails with this small patch, update puma and see what happens
2. Test the new patch creating new apps and see if the new puma version is
compatible

Markus, if you already did these tests let us know, but I cannot think on
anything better (I guess thinking on upgrading rails to version 6 is not a good
idea at this point)