Package ruby-bundled-gems-3.1.7-145.module+el8.10.0+623+69bbd9fb.x86_64 content_copy download

×

* Thu Mar 27 2025 Jarek Prokop <jprokop@redhat.com> - 3.1.7-145
- Upgrade to Ruby 3.1.7.
  Resolves: RHEL-55408
- Fix DoS vulnerability in REXML. (CVE-2024-39908)
  Resolves: RHEL-57051
- Fix DoS vulnerability in REXML. (CVE-2024-43398)
  Resolves: RHEL-56002

* Tue Nov 26 2024 Jarek Prokop <jprokop@redhat.com> - 3.1.5-144
- Fix REXML ReDoS vulnerability. (CVE-2024-49761)
  Resolves: RHEL-68520

* Tue May 07 2024 Jun Aruga <jaruga@redhat.com> - 3.1.5-143
- Upgrade to Ruby 3.1.5.
  Resolves: RHEL-35748
- Fix buffer overread vulnerability in StringIO.
  Resolves: RHEL-35749
- Fix RCE vulnerability with .rdoc_options in RDoc.
  Resolves: RHEL-35750
- Fix arbitrary memory address read vulnerability with Regex search.
  Resolves: RHEL-35751

* Fri Mar 01 2024 Jarek Prokop <jprokop@redhat.com> - 3.1.4-142
- Upgrade to Ruby 3.1.4.
  Resolves: RHEL-5584
- Fix HTTP response splitting in CGI.
  Resolves: CVE-2021-33621
- Fix ReDos vulnerability in URI.
  Resolves: CVE-2023-28755
  Resolves: CVE-2023-36617
- Fix ReDos vulnerability in Time.
  Resolves: CVE-2023-28756
- Make RDoc soft dependency in IRB.
  Resolves: RHEL-5615

* Tue Dec 12 2023 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 3.1.2-141
- Rebuilt for MSVSphere 8.8

* Thu Apr 21 2022 Jarek Prokop <jprokop@redhat.com> - 3.1.2-141
- Upgrade to Ruby 3.1.2.
  Resolves: rhbz#2063772

* Tue Oct 05 2021 Jarek Prokop <jprokop@redhat.com> - 3.0.2-140
- Fix rubygem-irb upgrade not working due to directory -> symlink conversion.
  Resolves: rhbz#2010949

* Tue Jul 13 2021 Jarek Prokop <jprokop@redhat.com> - 3.0.2-139
- Upgrade to Ruby 3.0.2.
  Related: rhbz#1938942
- Fix command injection vulnerability in RDoc. (CVE-2021-31799)
- Fix FTP PASV command response can cause Net::FTP to connect to arbitrary host.
  (CVE-2021-31810)
- Fix StartTLS stripping vulnerability in Net::IMAP (CVE-2021-32066)
- Fix dependencies of gems with explicit source installed from a
  different source. (CVE-2020-36327)
- Pass ldflags to gem install via CONFIGURE_ARGS.
  The same comment on the changelog 3.0.1-138 was wrong.

* Mon Jun 07 2021 Jarek Prokop <jprokop@redhat.com> - 3.0.1-138
- Upgrade to Ruby 3.0.1 by merging Fedora rawhide branch (commit: 6b2ff68).
  * Add missing `rubygem-` prefix for bundled provide of 'connection_pool'.
  * Pass ldflags to gem install via CONFIGURE_ARGS
  * Remove IRB dependency from rubygem-rdoc.
  * Fix flaky excon test suite.
  * Properly support DWARF5 debug information.
      Related: rhbz#1920533
  * Bundle OpenSSL into StdLib.
  * Fix SEGFAULT in rubygem-shoulda-matchers test suite.
  * Provide `gem.build_complete` file for binary gems.
  * Re-enable test suite.
  * ruby-default-gems have to depend on rubygem(io-console) due to reline.
  * Fix SEGFAULT preventing rubygem-unicode to build on armv7hl.
  * Add support for reworked RubyGems plugins.
  * Use proper path for plugin wrappers.
  * Extract RSS and REXML into separate subpackages, because they were moved from
     default gems to bundled gems.
  * Drop Net::Telnet and XMLRPC packages, because they were dropped from Ruby.
  Resolves: rhbz#1938942
- Fix FTBFS due to an incompatible load directive.

* Wed Apr 07 2021 Pavel Valena <pvalena@redhat.com> - 2.7.3-136
- Upgrade to Ruby 2.7.3.
  Resolves: rhbz#1947938
- Resolv::DNS: timeouts if multiple IPv6 name servers are given and address
  contains leading zero
  Resolves: rhbz#1944227