[ruby-core:118796] [Ruby master Bug#20667] Backport ReXML CVE fixes
Issue #20667 has been reported by vo.x (Vit Ondruch). ---------------------------------------- Bug #20667: Backport ReXML CVE fixes https://bugs.ruby-lang.org/issues/20667 * Author: vo.x (Vit Ondruch) * Status: Open * ruby -v: ruby 3.3.4 (2024-07-09 revision be1089c8ec) [x86_64-linux] * Backport: 3.1: UNKNOWN, 3.2: UNKNOWN, 3.3: UNKNOWN ---------------------------------------- It would be nice to have the recent ReXML CVE fixes backported everywhere. BTW it is surprising that ReXML was recently bumped in 3.1 / 3.2 branches, but 3.3 brach stays with older ReXML 3.2. -- https://bugs.ruby-lang.org/
Issue #20667 has been updated by nagachika (Tomoyuki Chikanaga). Backport changed from 3.1: REQUIRED, 3.2: REQUIRED, 3.3: REQUIRED to 3.1: REQUIRED, 3.2: DONE, 3.3: REQUIRED ruby_3_2 commit:0f2f6b31aa6433fd800f0621b5bedbaf0da12a6f merged revision(s) commit:2a7da0b6e76929c684cd948630a897c1d5b16c26. ---------------------------------------- Bug #20667: Backport REXML CVE fixes https://bugs.ruby-lang.org/issues/20667#change-109440 * Author: vo.x (Vit Ondruch) * Status: Closed * ruby -v: ruby 3.3.4 (2024-07-09 revision be1089c8ec) [x86_64-linux] * Backport: 3.1: REQUIRED, 3.2: DONE, 3.3: REQUIRED ---------------------------------------- It would be nice to have the recent REXML CVE fixes backported everywhere. BTW it is surprising that REXML was recently bumped in 3.1 / 3.2 branches, but 3.3 branch stays with older REXML 3.2. -- https://bugs.ruby-lang.org/
Issue #20667 has been updated by k0kubun (Takashi Kokubun). Backport changed from 3.1: REQUIRED, 3.2: DONE, 3.3: REQUIRED to 3.1: REQUIRED, 3.2: DONE, 3.3: DONE ruby_3_3 commit:e0e23e7d5eb4da42c490b1d3408bd6e5047e8f83 merged revision(s) commit:29500e30346. ---------------------------------------- Bug #20667: Backport REXML CVE fixes https://bugs.ruby-lang.org/issues/20667#change-109580 * Author: vo.x (Vit Ondruch) * Status: Closed * ruby -v: ruby 3.3.4 (2024-07-09 revision be1089c8ec) [x86_64-linux] * Backport: 3.1: REQUIRED, 3.2: DONE, 3.3: DONE ---------------------------------------- It would be nice to have the recent REXML CVE fixes backported everywhere. BTW it is surprising that REXML was recently bumped in 3.1 / 3.2 branches, but 3.3 branch stays with older REXML 3.2. -- https://bugs.ruby-lang.org/
Issue #20667 has been updated by k0kubun (Takashi Kokubun). Please consider filing a backport PR to stable branches next time. ---------------------------------------- Bug #20667: Backport REXML CVE fixes https://bugs.ruby-lang.org/issues/20667#change-109581 * Author: vo.x (Vit Ondruch) * Status: Closed * ruby -v: ruby 3.3.4 (2024-07-09 revision be1089c8ec) [x86_64-linux] * Backport: 3.1: REQUIRED, 3.2: DONE, 3.3: DONE ---------------------------------------- It would be nice to have the recent REXML CVE fixes backported everywhere. BTW it is surprising that REXML was recently bumped in 3.1 / 3.2 branches, but 3.3 branch stays with older REXML 3.2. -- https://bugs.ruby-lang.org/
Issue #20667 has been updated by hsbt (Hiroshi SHIBATA). Backport changed from 3.1: REQUIRED, 3.2: DONE, 3.3: DONE to 3.1: DONE, 3.2: DONE, 3.3: DONE https://github.com/ruby/ruby/pull/11581 ---------------------------------------- Bug #20667: Backport REXML CVE fixes https://bugs.ruby-lang.org/issues/20667#change-109702 * Author: vo.x (Vit Ondruch) * Status: Closed * ruby -v: ruby 3.3.4 (2024-07-09 revision be1089c8ec) [x86_64-linux] * Backport: 3.1: DONE, 3.2: DONE, 3.3: DONE ---------------------------------------- It would be nice to have the recent REXML CVE fixes backported everywhere. BTW it is surprising that REXML was recently bumped in 3.1 / 3.2 branches, but 3.3 branch stays with older REXML 3.2. -- https://bugs.ruby-lang.org/
participants (4)
-
hsbt (Hiroshi SHIBATA) -
k0kubun (Takashi Kokubun)
-
nagachika (Tomoyuki Chikanaga)
-
vo.x (Vit Ondruch)