Changes between Initial Version and Version 1 of Ticket #12456, comment 1
Timestamp: 08/30/2019 04:06:33 PM (5 years ago)
Ticket #12456, comment 1
initial v1 1 1 This seems to be a security release for rdoc, fixing a vulnerability from 2012 and 2015. 2 2 3 4 There are multiple vulnerabilities about Cross-Site Scripting (XSS) in jQuery shipped with RDoc which bundled in Ruby. All Ruby users are recommended to update Ruby to the latest release which includes the fixed version of RDoc. 3 5 {{{ 4 There are multiple vulnerabilities about Cross-Site Scripting (XSS) in jQuery shipped with RDoc which bundled in Ruby. All Ruby users are recommended to update Ruby to the latest release which includes the fixed version of RDoc.5 6 Details 6 7 … … 9 10 CVE-2012-6708 10 11 CVE-2015-9251 11 12 }}} 12 13 It is strongly recommended for all Ruby users to upgrade your Ruby installation or take one of the following workarounds as soon as possible. You also have to re-generate existing RDoc documentations to completely mitigate the vulnerabilities. 13 14 Affected Versions 14 15 {{{ 15 16 Ruby 2.3 series: all 16 17 Ruby 2.4 series: 2.4.6 and earlier … … 18 19 Ruby 2.6 series: 2.6.3 and earlier 19 20 prior to master commit f308ab2131ee675000926540cbb8c13c91dc3be5 20 21 }}} 21 22 Required actions 22 23 … … 38 39 39 40 Thanks to Chris Seaton for reporting the issue. 41 {{{ 40 42 History 41 43
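Review bot: the `{{{` added at v1 line 41, just before "History", opens a preformatted block with no matching `}}}` in the visible lines (the diff ends at v1 line 43), so the block is left unterminated unless a close follows beyond what is shown. Add the closing `}}}` after the History section, the way the "Details" and "Affected Versions" blocks are closed at v1 lines 12 and 21, or drop the `{{{` if it was not intended.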