maintainer-feedback requested: [Bug 253822] lang/jruby: Update to 9.2.15.0
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Wed Feb 24 20:08:41 UTC 2021
Bugzilla Automation <bugzilla at FreeBSD.org> has asked freebsd-ruby (Nobody)
<ruby at FreeBSD.org> for maintainer-feedback:
Bug 253822: lang/jruby: Update to 9.2.15.0
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253822
--- Description ---
This includes fixes for various security issues, in particular:
* CVE-2011-4815 (predictable hashing DoS)
* CVE-2017-17742, CVE-2019-16254, CVE-2020-25613 (WeBrick request
smuggling/splitting)
* CVE-2017-18640 (SnakeYAML entity expansion DoS)
As well as fixes for File.stat/lstat on FreeBSD 12 and later, which previously
rendered JRuby unusable on these systems.
Port passes portlint and poudriere testport.
More information about the freebsd-ruby
mailing list