
Issue #20516 has been updated by naitoh (Jun NAITOH).
However the failure in test-bundled-gems persists. I think we should backport additional changesets related to bundled gems tests. I will continue to investigate. Any suggestions are welcome.

- https://rubygems.org/gems/rexml/versions/3.2.6
  - Development dependencies (3):
    - bundler >= 0
    - rake >= 0
    - test-unit >= 0
- https://rubygems.org/gems/rexml/versions/3.2.8
  - Runtime dependencies (1):
    - strscan >= 3.0.9

The version of strscan required has changed, which may be the cause.

----------------------------------------
Bug #20516: The version of rexml in ruby 3.3.2 has not been updated since 3.2.6.
https://bugs.ruby-lang.org/issues/20516#change-108578

* Author: naitoh (Jun NAITOH)
* Status: Closed
* ruby -v: ruby 3.3.2 (2024-05-30 revision e5a195edf6) [arm64-darwin22]
* Backport: 3.1: REQUIRED, 3.2: REQUIRED, 3.3: DONE
----------------------------------------
The version of rexml in ruby 3.3.2 has not been updated since 3.2.6.
This is still a DoS vulnerable version.
https://www.ruby-lang.org/en/news/2024/05/16/dos-rexml-cve-2024-35176/

```
$ ruby -v
ruby 3.3.2 (2024-05-30 revision e5a195edf6) [arm64-darwin22]
$ gem list rexml

*** LOCAL GEMS ***

rexml (3.2.6)
```

--
https://bugs.ruby-lang.org/