We were able to bypass the mechanism that prevents open redirects due to incomplete URL input validation.
I have reported it below and written a patch to fix it.
https://hackerone.com/reports/1789458
Vulnerable code will look like this:
redirect_to(params[:some_param])
Rails 7.0 introduced protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could be bypassed by a carefully crafted URL.