Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade rexml to 3.3.6 to fix CVE-2024-43398 #5245

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Upgrade rexml to 3.3.6 to fix CVE-2024-43398 #5245

wants to merge 1 commit into from

Conversation

raymzag
Copy link
Contributor

@raymzag raymzag commented Sep 3, 2024

Resolves CVE-2024-43398

Name: rexml
--
  | Version: 3.2.8
  | CVE: CVE-2024-43398
  | GHSA: GHSA-vmwr-mc7x-5vc3
  | Criticality: Medium
  | URL: https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3
  | Title: REXML denial of service vulnerability
  | Solution: update to '>= 3.3.6'

Tests

bundle exec rake test:local

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
6012 tests, 80277 assertions, 0 failures, 0 errors, 0 pendings, 0 omissions, 0 notifications
100% passed
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
177.93 tests/s, 2375.84 assertions/s
Running RuboCop...
Inspecting 801 files
.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

801 files inspected, no offenses detected

Tip: Based on detected gems, the following RuboCop extension libraries might be helpful:
  * rubocop-rake (https://github.com/rubocop/rubocop-rake)

You can opt out of this message by adding the following to your config (see https://docs.rubocop.org/rubocop/extensions.html#extension-suggestions for more options):
  AllCops:
    SuggestExtensions: false

@raymzag raymzag mentioned this pull request Sep 3, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@raymzag