From: samuel@...
Date: 2020-11-27T04:31:16+00:00
Subject: [ruby-core:101115] [Ruby master Feature#17303] Move webrick to bundled gems or remove it from stdlib

Issue #17303 has been updated by ioquatix (Samuel Williams).


Personally, I'm in favour of a smaller stdlib. Therefore I support this change.

I also believe that we see more innovation when things are allowed to grow under their own terms rather than part of stdlib.

----------------------------------------
Feature #17303: Move webrick to bundled gems or remove it from stdlib
https://bugs.ruby-lang.org/issues/17303#change-88794

* Author: hsbt (Hiroshi SHIBATA)
* Status: Open
* Priority: Normal
* Assignee: hsbt (Hiroshi SHIBATA)
----------------------------------------
I propose to move webrick to bundled gems or remove it from stdlib of ruby.

We have several vulnerability issues in webrick gem.

https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/

The ruby core team don't have enough time to handle them. We should remove webrick from default gems at least.

Patch for this feature: https://github.com/ruby/ruby/pull/3729



-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request@ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>