From: "hsbt (Hiroshi SHIBATA)" <noreply@ruby-lang.org>
To: ruby-core@ml.ruby-lang.org
Subject: [ruby-core:111184] [Ruby master Misc#19178] How does CRuby handle CVE issues in stdlib gems which get patched?
Date: Sat, 03 Dec 2022 21:53:25 +0000 (UTC) [thread overview]
Message-ID: <redmine.journal-100468.20221203215324.52585@ruby-lang.org> (raw)
In-Reply-To: redmine.issue-19178.20221203211952.52585@ruby-lang.org
Issue #19178 has been updated by hsbt (Hiroshi SHIBATA).
>As far as I know stdlibs get only updated for the users if CRuby releases a new version. So will CRuby always release a new version if there is a critical fix an stdlib "needs" to be updated?
The all of stdlibs are maintained CRuby committers includes me. If the vulnerability is found and assign CVEs, We will release the new version of stdlibs at first. After that, we may release the new version of Ruby.
----------------------------------------
Misc #19178: How does CRuby handle CVE issues in stdlib gems which get patched?
https://bugs.ruby-lang.org/issues/19178#change-100468
* Author: Segaja (Andreas Schleifer)
* Status: Open
* Priority: Normal
----------------------------------------
If there is a CVE issue in one of the stdlibs ( https://stdgems.org/ ) which gets patched, what is CRubys approach on how to push this critical fix to the users?
As far as I know stdlibs get only updated for the users if CRuby releases a new version. So will CRuby always release a new version if there is a critical fix an stdlib "needs" to be updated?
--
https://bugs.ruby-lang.org/
______________________________________________
ruby-core mailing list -- ruby-core@ml.ruby-lang.org
To unsubscribe send an email to ruby-core-leave@ml.ruby-lang.org
ruby-core info -- https://ml.ruby-lang.org/mailman3/postorius/lists/ruby-core.ml.ruby-lang.org/
next prev parent reply other threads:[~2022-12-03 21:53 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-03 21:19 [ruby-core:111183] [Ruby master Misc#19178] How does CRuby handle CVE issues in stdlib gems which get patched? Segaja (Andreas Schleifer)
2022-12-03 21:53 ` hsbt (Hiroshi SHIBATA) [this message]
2022-12-03 21:55 ` [ruby-core:111185] " Segaja (Andreas Schleifer)
2022-12-03 22:11 ` [ruby-core:111186] " austin (Austin Ziegler)
2022-12-03 22:14 ` [ruby-core:111187] " Segaja (Andreas Schleifer)
2022-12-03 22:20 ` [ruby-core:111188] " austin (Austin Ziegler)
2022-12-03 22:55 ` [ruby-core:111189] " hsbt (Hiroshi SHIBATA)
2022-12-03 23:03 ` [ruby-core:111190] " Segaja (Andreas Schleifer)
2022-12-03 23:08 ` [ruby-core:111191] " hsbt (Hiroshi SHIBATA)
2022-12-04 0:03 ` [ruby-core:111192] " ioquatix (Samuel Williams)
2022-12-04 15:10 ` [ruby-core:111200] " graywolf (Gray Wolf)
2022-12-13 4:35 ` [ruby-core:111266] " hsbt (Hiroshi SHIBATA)
2022-12-13 4:35 ` [ruby-core:111267] " hsbt (Hiroshi SHIBATA)
2022-12-13 4:36 ` [ruby-core:111268] " nobu (Nobuyoshi Nakada)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.ruby-lang.org/en/community/mailing-lists/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=redmine.journal-100468.20221203215324.52585@ruby-lang.org \
--to=ruby-core@ruby-lang.org \
--cc=ruby-core@ml.ruby-lang.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).