These are all security issues fixed in the ruby2.7-rubygem-actionpack-6.0-6.0.4-1.2 package on the GA media of openSUSE Tumbleweed.