[ https://issues.apache.org/jira/browse/HBASE-29318?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nihal Jain updated HBASE-29318:
-------------------------------
    Status: Patch Available  (was: Open)

> Bump jruby to 9.4.12.1 to fix jruby-openssl CVEs
> ------------------------------------------------
>
>                 Key: HBASE-29318
>                 URL: https://issues.apache.org/jira/browse/HBASE-29318
>             Project: HBase
>          Issue Type: Task
>          Components: jruby, security, shell
>            Reporter: Nihal Jain
>            Assignee: Nihal Jain
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 2.7.0, 3.0.0-beta-2
>
>
> JRuby 9.4.12.1 was released on May 07 2025. This release drops a moderate 
> jruby-openssl CVE: [CVE-2025-46551 and 
> GHSA-72qj-48g4-5xgx|https://github.com/jruby/jruby-openssl/security/advisories/GHSA-72qj-48g4-5xgx]
>  [ |https://github.com/advisories/GHSA-2rxp-v6pw-ch6m] from our classpath. 
> Also, it's been a while since we bumped to the latest JRuby. See the release notes 
> containing details about several other bug fixes / improvements since release 9.4.9.0 
> below:
>  * [https://www.jruby.org/2025/01/21/jruby-9-4-10-0.html]
>  * [https://www.jruby.org/2025/01/29/jruby-9-4-11-0.html]
>  * [https://www.jruby.org/2025/02/11/jruby-9-4-12-0.html]
>  * [https://www.jruby.org/2025/05/07/jruby-9-4-12-1.html]
> Note: JRuby 9.4.12.x preserves Ruby 3.1 compatibility, as the previous version did!



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
