From: "hsbt (Hiroshi SHIBATA)" <noreply@...>
Date: 2021-11-25T11:41:54+00:00
Subject: [ruby-core:106276] [Ruby master Feature#10510] Remove REXML instead of patching it

Issue #10510 has been updated by hsbt (Hiroshi SHIBATA).

Status changed from Assigned to Closed

rexml is the bundled gems since Ruby 3.0. 

----------------------------------------
Feature #10510: Remove REXML instead of patching it
https://bugs.ruby-lang.org/issues/10510#change-94899

* Author: grosser (Michael Grosser)
* Status: Closed
* Priority: Normal
* Assignee: kou (Kouhei Sutou)
----------------------------------------
 There have been at least 3 rexml vulerabilities to date,
 having to patch ruby just to make sure it's not being used is taking a lot
 of time/effort.
 
 Afaik most people do not use xml anyway (and especially not rexml), just
 for comparison: it would make much more sense to have json included, but
 it's not.
 
 So let's just drop it & make it a gem.



-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request@ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>