[jira] [Updated] (HBASE-28250) Bump jruby to 9.4.5.0 and related joni and jcodings

Nihal Jain (Jira) Thu, 07 Dec 2023 02:00:05 -0800


     [ 
https://issues.apache.org/jira/browse/HBASE-28250?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Nihal Jain updated HBASE-28250:
-------------------------------
    Component/s: jruby

> Bump jruby to 9.4.5.0 and related joni and jcodings
> ---------------------------------------------------
>
>                 Key: HBASE-28250
>                 URL: https://issues.apache.org/jira/browse/HBASE-28250
>             Project: HBase
>          Issue Type: Task
>          Components: jruby
>            Reporter: Nihal Jain
>            Assignee: Nihal Jain
>            Priority: Major
>
> As a follow up of HBASE-28249, we want to bump to latest 9.4.x line here. 
> [https://www.jruby.org/2023/11/02/jruby-9-4-5-0.html] breaks compatibility by 
> making ruby 3.1 as minimum required version.
> But it drops snakeyaml CVEs from our classpath via 
> https://github.com/jruby/jruby/issues/7570:
>  * *org.yaml : snakeyaml : 1.33* having 
> [CVE-2022-1471|https://nvd.nist.gov/vuln/detail/CVE-2022-1471]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (HBASE-28250) Bump jruby to 9.4.5.0 and related joni and jcodings

Reply via email to