From: "kou (Kouhei Sutou) via ruby-core" <ruby-core@...>
Date: 2024-06-02T20:40:32+00:00
Subject: [ruby-core:118143] [Ruby master Bug#20516] The version of rexml in ruby 3.3.2 has not been updated since 3.2.6.

Issue #20516 has been updated by kou (Kouhei Sutou).


https://github.com/ruby/ruby/actions/runs/9334302271/job/25692373287#step:16:185

```text
 Error: test_require_home_runner_work_ruby_ruby_src_gems_src_rexml_test_test_document_rb(RequireFailedErrors): LoadError: failed to load </home/runner/work/ruby/ruby/src/gems/src/rexml/test/test_document.rb>: cannot load such file -- core_assertions
```

We need `test-unit-ruby-core` gem for it.

Other failures may be related to StringScanner version. We'll release a new REXML version with https://github.com/ruby/rexml/commit/f1df7d13b3e57a5e059273d2f0870163c08d7420 in a few weeks. Could you try it after we release it?

----------------------------------------
Bug #20516: The version of rexml in ruby 3.3.2 has not been updated since 3.2.6.
https://bugs.ruby-lang.org/issues/20516#change-108584

* Author: naitoh (Jun NAITOH)
* Status: Closed
* ruby -v: ruby 3.3.2 (2024-05-30 revision e5a195edf6) [arm64-darwin22]
* Backport: 3.1: REQUIRED, 3.2: REQUIRED, 3.3: DONE
----------------------------------------
The version of rexml in ruby 3.3.2 has not been updated since 3.2.6.
This is still a DoS vulnerable version.

https://www.ruby-lang.org/en/news/2024/05/16/dos-rexml-cve-2024-35176/

```
$ ruby -v
ruby 3.3.2 (2024-05-30 revision e5a195edf6) [arm64-darwin22]
$ gem list rexml

*** LOCAL GEMS ***

rexml (3.2.6)
```



-- 
https://bugs.ruby-lang.org/
 ______________________________________________
 ruby-core mailing list -- ruby-core@ml.ruby-lang.org
 To unsubscribe send an email to ruby-core-leave@ml.ruby-lang.org
 ruby-core info -- https://ml.ruby-lang.org/mailman3/postorius/lists/ruby-core.ml.ruby-lang.org/