Bug #21130
Closed
Update net-imap for ruby 3.2, 3.3, 3.4
Description
The bundled versions are vulnerable to CVE-2024-25186 (GHSA-7fc5-f82f-cx69). Fixing the issue requires upgrading to v0.3.8, v0.4.19, or v0.5.4.
- ruby 3.2.7 bundles net-imap v0.3.4.1
  PR: Bump net-imap to 0.3.8 for Ruby 3.2
  https://github.com/ruby/ruby/pull/12733
- ruby 3.3.7 bundles net-imap v0.4.9.1
  PR: Bump net-imap to 0.4.19 for Ruby 3.3
  https://github.com/ruby/ruby/pull/12732
- ruby 3.4.1 bundles net-imap v0.5.4
  PR: Bump net-imap to v0.5.6 for Ruby 3.4
  https://github.com/ruby/ruby/pull/12731
The workaround is to uninstall the vulnerable bundled versions and gem install net-imap.
Security Advisory Links:
Updated by hsbt (Hiroshi SHIBATA) 3 months ago
- Status changed from Open to Closed
- Backport changed from 3.1: UNKNOWN, 3.2: UNKNOWN, 3.3: UNKNOWN, 3.4: UNKNOWN to 3.1: UNKNOWN, 3.2: REQUIRED, 3.3: REQUIRED, 3.4: REQUIRED
Updated by k0kubun (Takashi Kokubun) 3 months ago
- Backport changed from 3.1: UNKNOWN, 3.2: REQUIRED, 3.3: REQUIRED, 3.4: REQUIRED to 3.1: UNKNOWN, 3.2: REQUIRED, 3.3: REQUIRED, 3.4: DONE
ruby_3_4 12c716eea02f0efbb7dcd4ddb3a8b0523cdb99c2.
Updated by hsbt (Hiroshi SHIBATA) 3 months ago
- Backport changed from 3.1: UNKNOWN, 3.2: REQUIRED, 3.3: REQUIRED, 3.4: DONE to 3.1: UNKNOWN, 3.2: DONE, 3.3: DONE, 3.4: DONE
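To check a host against this issue, the following added example (not code from the issue or from the net-imap project) classifies every installed copy of net-imap against the versions the three backport PRs bump to. The names `MINIMUM_BY_SERIES`, `net_imap_status` and `audit_installed_net_imap` are hypothetical, and treating a series older than 0.3 as unknown is an assumption made because the issue does not settle it.

```ruby
require "rubygems"

# Per-series minimum versions, taken from the three backport PRs in this issue.
MINIMUM_BY_SERIES = {
  "0.3" => Gem::Version.new("0.3.8"),   # Ruby 3.2
  "0.4" => Gem::Version.new("0.4.19"),  # Ruby 3.3
  "0.5" => Gem::Version.new("0.5.6"),   # Ruby 3.4
}.freeze

# Classify one net-imap version string as :needs_update, :ok or :unknown.
def net_imap_status(version_string)
  version = Gem::Version.new(version_string)
  series  = version.segments.first(2).join(".")
  minimum = MINIMUM_BY_SERIES[series]
  if minimum
    version < minimum ? :needs_update : :ok
  elsif version > MINIMUM_BY_SERIES.values.max
    :ok       # newer series than any listed in the issue
  else
    :unknown  # older series (assumption: not settled by this issue)
  end
end

# Several versions can be installed side by side, so report each copy
# with its directory; installing a newer gem does not remove an older one.
def audit_installed_net_imap
  Gem::Specification.find_all_by_name("net-imap").map do |spec|
    { version: spec.version.to_s,
      path: spec.gem_dir,
      status: net_imap_status(spec.version.to_s) }
  end
end

if $PROGRAM_NAME == __FILE__
  audit_installed_net_imap.each do |row|
    puts format("net-imap %-10s %-13s %s", row[:version], row[:status], row[:path])
  end
end
```

Any row reported as `needs_update` is a copy that the workaround in the description would uninstall.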