Date: Wed, 24 Feb 2021 20:08:41 +0000 From: bugzilla-noreply@freebsd.org To: ruby@FreeBSD.org Subject: maintainer-feedback requested: [Bug 253822] lang/jruby: Update to 9.2.15.0 Message-ID: <bug-253822-21402-xAuvqp7P4m@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-253822-21402@https.bugs.freebsd.org/bugzilla/> References: <bug-253822-21402@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
Bugzilla Automation <bugzilla@FreeBSD.org> has asked freebsd-ruby (Nobody) <ruby@FreeBSD.org> for maintainer-feedback: Bug 253822: lang/jruby: Update to 9.2.15.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D253822 --- Description --- This includes fixes for various security issues, in particular: * CVE-2011-4815 (predictable hashing DoS) * CVE-2017-17742, CVE-2019-16254, CVE-2020-25613 (WeBrick request smuggling/splitting) * CVE-2017-18640 (SnakeYAML entity expansion DoS) As well as fixes for File.stat/lstat on FreeBSD 12 and later, which previou= sly rendered JRuby unusable on these systems. Port passes portlint and poudriere testport.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-253822-21402-xAuvqp7P4m>