Re: [ANN] JRuby Released

‌congrats! Thanks for the work.


De : "Thomas E Enebo"
A : "JRuby project mailing list" ,"ruby-talk ML"
Envoyé: jeudi 2 Décembre 2021 00:30
Objet : [ANN] JRuby Released

The JRuby community is pleased to announce the release of JRuby


JRuby 9.2.x is compatible with Ruby 2.5.x and stays in sync with C Ruby. As always there is a mix of miscellaneous fixes so be sure to read the issue list below. All users are encouraged to upgrade.

This is a security release to address CVE-2021-41817. It was originally reported against Ruby’s C-based date extension, which JRuby does not use, but JRuby’s own implementation of date is also affected by the same issue.

The issue affects calls to various Date and DateTime parsing methods with extremely long strings. The regular expressions associated with these methods may run much longer than desired or never return.

The fix is detailed in #6951. A workaround is provided, via patching the pure-Ruby date code in your own JRuby install. Rebuilding JRuby is not necessary. This PR is the only functional difference from JRuby

We recommend that all JRuby 9.2 users upgrade.

\#6951 \- Limit Date\.parse input length and make interruptible


blog: twitter: tom_enebo