This repository has been archived by the owner on Jan 9, 2025. It is now read-only.

Patch REXML in Ruby 2.7 #929

Closed
mhashizume opened this issue Nov 1, 2024 · 2 comments
Labels
triaged Jira issue has been created for this

Comments

@mhashizume
Contributor

Ruby announced a vulnerability in REXML with a CVSS score of 6.6: GHSA-2rxp-v6pw-ch6m

This vulnerability does not affect Ruby 3.2 or later. We should probably assume that this affects Ruby 2.7, which we still use in agent-runtime-7.x.

We need to patch REXML in Ruby 2.7 to address this vulnerability.

It seems this is the commit in the REXML gem that addresses the vulnerability: ruby/rexml@ce59f2e

@mhashizume mhashizume added the triaged Jira issue has been created for this label Nov 1, 2024

github-actions bot commented Nov 1, 2024

Migrated issue to PA-7106

@AriaXLi
Contributor

AriaXLi commented Jan 9, 2025

Closing this issue because puppet-runtime is being archived (see OSPTE-212)

@AriaXLi AriaXLi closed this as completed Jan 9, 2025