[PA-4805] Bump puppet-runtime's Ruby to 2.7.7 - Puppet Jira Server

XML

Word

Printable

Details

Type: Task
Status: Resolved
Priority: High
Resolution: Fixed
Affects Version/s: None
Fix Version/s: puppet-agent 7.21.0
Component/s: Security
Labels:
- docs_reviewed

Team:
Phoenix
Story Points:
2
CVE-ID:
CVE-2021-33621
Sprint:
Phoenix 2022-12-07

Release Notes:
Security Fix
Release Notes Summary:
Updates puppet-agent's Ruby to 2.7.7, addressing CVE-2021-33621

QA Risk Assessment:
Needs Assessment

Description

Ruby 2.7.7 was released on November 24: https://www.ruby-lang.org/en/news/2022/11/24/ruby-2-7-7-released/

The release addresses a high criticality vulnerability (8.8 CVSS), CVE-2021-33621: https://nvd.nist.gov/vuln/detail/CVE-2021-33621

We need to bump Ruby 2.7 in our runtimes from 2.7.6 to 2.7.7 and apply any relevant patches to Ruby 2.5.9.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Michael Hashizume

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2022/11/28 2:12 PM

Updated:: 2022/12/07 1:25 PM

Resolved:: 2022/11/30 3:58 PM

Zendesk Support