[PA-4131] bump ruby date gem on ruby 2.5.9 to address CVE-2021-41817 - Puppet Jira Server

XML

Word

Printable

Details

Type: Task
Status: Resolved
Priority: Normal
Resolution: Fixed
Affects Version/s: None
Fix Version/s: puppet-agent 6.26.0
Component/s: None
Labels:
None

Team:
Night's Watch
Story Points:
2
Sprint:
NW - 2021-12-17

Release Notes:
Bug Fix
Release Notes Summary:
Patch our vendored Ruby to fix the CVE-2021-41817 vulnerability in the date gem.

QA Risk Assessment:
Needs Assessment

Description

https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/

since ruby 2.5.9 in EOL, we need to perform this manually

Attachments

Issue Links

blocks

PA-4101 Update date gem in puppet AIO packages

Closed

Activity

People

Assignee:: Gabriel Nagy

Reporter:: Ciprian Badescu

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2021/12/02 3:33 AM

Updated:: 2022/01/12 12:11 PM

Resolved:: 2021/12/16 12:18 AM

Zendesk Support