[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#1037178: puppet does not sync files anymore after recent ruby2.5 security upload

Hiya,

On Wed, Jun 7, 2023 at 2:39 PM Moritz Muehlenhoff <jmm@inutil.org> wrote:
> Specifically https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/
> states:
>
> | For Ruby 2.7: Update to uri 0.10.0.1
> | For Ruby 3.0: Update to uri 0.10.2
> | For Ruby 3.1: Update to uri 0.11.1
> | For Ruby 3.2: Update to uri 0.12.1
>
> And the 0.10 change (https://github.com/ruby/uri/commit/17861a53e499a2eabf7ba83d63914d0f01921d70)
> is different from the 0.12 one (https://github.com/ruby/uri/commit/eaf89cc31619d49e67c64d0b58ea9dc38892d175)
>
> There might be other changes needed for 2.5, not sure.

Yep, I'm taking a look to prep something for 2.5.


- u
Reply to: