Bug #21130: Update net-imap for ruby 3.2, 3.3, 3.4 - Ruby - Ruby Issue Tracking System

Actions

Bug #21130

closed

Update net-imap for ruby 3.2, 3.3, 3.4

Added by nevans (Nicholas Evans) 3 months ago. Updated 3 months ago.

Status:

Closed

Assignee:

-

Target version:

-

ruby -v:

Backport:

3.1: UNKNOWN, 3.2: DONE, 3.3: DONE, 3.4: DONE

[ruby-core:120960]

Description

The bundled versions are vulnerable to CVE-2024-25186 (GHSA-7fc5-f82f-cx69). Fixing the issue requires upgrading to v0.3.8, v0.4.19, or v0.5.4.

ruby 3.2.7 bundles net-imap v0.3.4.1
PR: Bump net-imap to 0.3.8 for Ruby 3.2
https://github.com/ruby/ruby/pull/12733
ruby 3.3.7 bundles net-imap v0.4.9.1
PR: Bump net-imap to 0.4.19 for Ruby 3.3
https://github.com/ruby/ruby/pull/12732
ruby 3.4.1 bundles net-imap v0.5.4
PR: Bump net-imap to v0.5.6 for Ruby 3.4
https://github.com/ruby/ruby/pull/12731

The workaround is to uninstall the vulnerable bundled versions and gem install net-imap.

Security Advisory Links:

Actions

Also available in: Atom PDF

Like0

Like0Like0Like0Like0