Project

General

Profile

Actions

Bug #16238

closed

Publish new WEBrick version to rubygems.org

Added by rbjl (Jan Lelis) about 5 years ago. Updated about 5 years ago.

Status:
Closed
Target version:
-
[ruby-core:95222]

Description

The latest security releases of Ruby include some fixes in the webrick default gem:

However, as of now, the changes have not been published to rubygems:

More confusingly, the version number of webrick has not be changed yet: https://github.com/ruby/ruby/blob/v2_6_5/lib/webrick/version.rb (still 1.4.2 as before the security patches). This is problematic, because now multiple versions of version 1.4.2 of webrick exist... It also prevents people from quickly resolving the webrick-related security issue by just installing the new version of webrick.

In the past, security patches often led to a fourth-place-version-number (see for example, rubygems itself, or rdoc)

I suggest that a new version of webrick should be released to rubygems. I am also curious about how the process of dealing with similar issues in the future can be optimized

Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0