Project

General

Profile

Feature #17303

Updated by sawa (Tsuyoshi Sawada) over 3 years ago

I propose to move make webrick to bundled gems or remove it from stdlib of ruby. 

 We have a several vulnerability issues related vulnerabilities in webrick gem. 

 https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/ 

 The ruby core team don't have enough time to handle them. We should remove webrick from default gems at least. 

 Patch for this feature: https://github.com/ruby/ruby/pull/3729

Back