Skip to content

Instantly share code, notes, and snippets.

Last active December 2, 2021 16:44
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
What would you like to do?


  • Date-parsing methods have been modified to accept an input-size limit option. This addresses CVE-2021-41817. It was originally reported against Ruby's C-based date extension, which JRuby does not use, but JRuby's own implementation of date is also affected by the same issue.

    The fix is detailed in #6952. A workaround is provided, via patching the pure-Ruby date code in your own JRuby install. Rebuilding JRuby is not necessary. This PR is the only functional difference from JRuby

  • In order to match Ruby behavior and permit interrupting these date-parsing regular expression matches, this release also enables interruptible regular expressions globally. This feature can be disabled using the "regexp.interruptible" JRuby option as described in the above PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment