[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Ruby security updates
From: |
Thompson, David |
Subject: |
Re: Ruby security updates |
Date: |
Fri, 8 Jan 2016 19:15:53 -0500 |
On Fri, Jan 8, 2016 at 6:48 PM, Mark H Weaver <address@hidden> wrote:
> Some of our ruby versions may need security updates.
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1248935
>
> Can someone who cares about ruby please investigate?
This particular issue is definitely fixed in Ruby 2.2.4 or later,
which we upgraded very recently in response to this.
Now, I suspect Pjotr will find issue with this, but I think we really
should drop the Ruby 1.8.7 package because it is end-of-life and will
*not* receive bug fixes or security updates.
Thoughts?
- Dave