Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Patch REXML in Ruby 2.7 #929

Open
mhashizume opened this issue Nov 1, 2024 · 1 comment
Open

Patch REXML in Ruby 2.7 #929

mhashizume opened this issue Nov 1, 2024 · 1 comment
Labels
triaged Jira issue has been created for this

Comments

@mhashizume
Copy link
Contributor

Ruby announced a vulnerability in REXML with a CVSS score of 6.6: GHSA-2rxp-v6pw-ch6m

This vulnerability does not affect Ruby 3.2 or later. We should probably assume that this affects Ruby 2.7, which we still use in agent-runtime-7.x.

We need to patch REXML in Ruby 2.7 to address this vulnerability.

It seems this is the commit in the REXML gem that addresses the vulnerability: ruby/rexml@ce59f2e
@mhashizume mhashizume added the triaged Jira issue has been created for this label Nov 1, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 1, 2024

Migrated issue to PA-7106

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
triaged Jira issue has been created for this
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mhashizume