From: "nagachika (Tomoyuki Chikanaga) via ruby-core" <ruby-core@...>
Date: 2024-08-17T12:42:15+00:00
Subject: [ruby-core:118868] [Ruby master Bug#20667] Backport REXML CVE fixes

Issue #20667 has been updated by nagachika (Tomoyuki Chikanaga).

Backport changed from 3.1: REQUIRED, 3.2: REQUIRED, 3.3: REQUIRED to 3.1: REQUIRED, 3.2: DONE, 3.3: REQUIRED

ruby_3_2 commit:0f2f6b31aa6433fd800f0621b5bedbaf0da12a6f merged revision(s) commit:2a7da0b6e76929c684cd948630a897c1d5b16c26.

----------------------------------------
Bug #20667: Backport REXML CVE fixes
https://bugs.ruby-lang.org/issues/20667#change-109440

* Author: vo.x (Vit Ondruch)
* Status: Closed
* ruby -v: ruby 3.3.4 (2024-07-09 revision be1089c8ec) [x86_64-linux]
* Backport: 3.1: REQUIRED, 3.2: DONE, 3.3: REQUIRED
----------------------------------------
It would be nice to have the recent REXML CVE fixes backported everywhere.

BTW it is surprising that REXML was recently bumped in 3.1 / 3.2 branches, but 3.3 branch stays with older REXML 3.2.



-- 
https://bugs.ruby-lang.org/
 ______________________________________________
 ruby-core mailing list -- ruby-core@ml.ruby-lang.org
 To unsubscribe send an email to ruby-core-leave@ml.ruby-lang.org
 ruby-core info -- https://ml.ruby-lang.org/mailman3/lists/ruby-core.ml.ruby-lang.org/