Date-parsing methods have been modified to accept an input-size
limitoption. This addresses CVE-2021-41817. It was originally reported against Ruby's C-based
dateextension, which JRuby does not use, but JRuby's own implementation of
dateis also affected by the same issue.
The fix is detailed in #6952. A workaround is provided, via patching the pure-Ruby
datecode in your own JRuby install. Rebuilding JRuby is not necessary. This PR is the only functional difference from JRuby 18.104.22.168.
In order to match Ruby behavior and permit interrupting these date-parsing regular expression matches, this release also enables interruptible regular expressions globally. This feature can be disabled using the "regexp.interruptible" JRuby option as described in the above PR.