Ruby BigDecimal vulnerability seems to affect JRuby as well
-----------------------------------------------------------
Key: JRUBY-3744
URL: http://jira.codehaus.org/browse/JRUBY-3744
Project: JRuby
Issue Type: Bug
Components: Core Classes/Modules
Affects Versions: JRuby 1.3
Reporter: Nick Sieger
Priority: Critical
Fix For: JRuby 1.4

Ruby announced a security vulnerability in BigDecimal. See
http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/
for details.

JRuby seems to be affected as well. It doesn't crash, but appears to be stuck
in an infinite loop. See the following output: http://gist.github.com/126922