Project

General

Profile

Actions

Misc #19178

closed

How does CRuby handle CVE issues in stdlib gems which get patched?

Added by Segaja (Andreas Schleifer) almost 2 years ago. Updated almost 2 years ago.


Description

If there is a CVE issue in one of the stdlibs ( https://stdgems.org/ ) which gets patched, what is CRubys approach on how to push this critical fix to the users?

As far as I know stdlibs get only updated for the users if CRuby releases a new version. So will CRuby always release a new version if there is a critical fix an stdlib "needs" to be updated?


Related issues 1 (1 open0 closed)

Related to Ruby master - Feature #17684: Remove `--disable-gems` from release version of RubyAssignedhsbt (Hiroshi SHIBATA)Actions
Actions

Also available in: Atom PDF

Like1
Like0Like0Like0Like0Like1Like0Like0Like0Like1Like0Like0Like0Like0Like0