From: merch-redmine@...
Date: 2019-03-15T19:50:42+00:00
Subject: [ruby-core:91851] [Ruby trunk Bug#15637] Backport RubyGems	3.0.3/2.7.9

Issue #15637 has been updated by jeremyevans0 (Jeremy Evans).


Are there plans to backport the Rubygems security patches to Ruby 2.3?  Ruby 2.3 is still in security maintenance status until the end of the month, so I think this would qualify, but I'm not sure.

----------------------------------------
Bug #15637: Backport RubyGems 3.0.3/2.7.9
https://bugs.ruby-lang.org/issues/15637#change-77122

* Author: hsbt (Hiroshi SHIBATA)
* Status: Closed
* Priority: Normal
* Assignee: 
* Target version: 
* ruby -v: 
* Backport: 2.4: REQUIRED, 2.5: DONE, 2.6: DONE
----------------------------------------
I released RubyGems 3.0.3 and 2.7.9 today. They contain multiple vulnerability fixes.

* https://blog.rubygems.org/2019/03/05/3.0.3-released.html
* https://blog.rubygems.org/2019/03/05/2.7.9-released.html

I attached the patches for Ruby 2.4, 2.5 and 2.6.

---Files--------------------------------
ruby-2.4.5-rubygems.patch (12.4 KB)
ruby-2.5.3-rubygems.patch (12.4 KB)
ruby-2.6.1-rubygems.patch (17.6 KB)
ruby-2.4.5-rubygems-v2.patch (12.5 KB)
ruby-2.5.3-rubygems-v2.patch (12.5 KB)
ruby-2.6.1-rubygems-v2.patch (17.7 KB)


-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request@ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>