Skip to content

Instantly share code, notes, and snippets.

@headius
Last active October 19, 2022 19:53
Show Gist options
  • Save headius/712c2eb9a74e2ffefb39c1318ad78467 to your computer and use it in GitHub Desktop.
Save headius/712c2eb9a74e2ffefb39c1318ad78467 to your computer and use it in GitHub Desktop.

Thanks to our contributors this cycle for helping to improve stability and compatibility of JRuby 9.3: @chadlwilson, @coheigea

Standard Library

  • rdoc has been updated to 6.3.3 to fix all known CVEs. (#7396, #7404)
  • rexml has been updated to 3.2.5 to fix all known CVEs. (#7395, #7405)
  • jruby-openssl has been updated to 0.14.0 to fix weak HMAC key hashing in bouncycastle, which itself is updated to 1.71. (#7335, #7385, #7399)
  • psych has been updated to 3.3.4 to fix CVE-2022-38752 in the SnakeYAML library, which itself is updated to 1.33. (#7386, #7388, #7400)
  • rubygems has been updated to 3.2.33 and bundler updated to 2.2.33 to address CVE-2021-43809. (#7397, #7401)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment