Project

General

Profile

Actions

Feature #17303

closed

Remove webrick from stdlib

Added by hsbt (Hiroshi SHIBATA) about 1 year ago. Updated 12 months ago.

Status:
Closed
Priority:
Normal
Target version:
[ruby-core:100689]

Description

I propose to move webrick to bundled gems or remove it from stdlib of ruby.

We have several vulnerability issues in webrick gem.

https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/

The ruby core team don't have enough time to handle them. We should remove webrick from default gems at least.

Patch for this feature: https://github.com/ruby/ruby/pull/3729


Related issues

Related to Ruby master - Feature #15657: Make webrick to bundled gemsClosedhsbt (Hiroshi SHIBATA)Actions
Actions

Also available in: Atom PDF