Skip to content

Update webrick #48

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 22, 2025
Merged

Update webrick #48

merged 1 commit into from
Aug 22, 2025

Conversation

@binford2k
Copy link
Contributor

@binford2k binford2k commented Aug 22, 2025

Updates to the latest 1.8.x semver to mitigate CVE-2025-6442 and CVE-2024-47220

smortex
smortex approved these changes Aug 22, 2025
View reviewed changes
Copy link
Member

@smortex smortex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Maybe we can update to the latest version 1.9.1?

@binford2k
Copy link
Contributor Author

binford2k commented Aug 22, 2025

@smortex happy to move to 1.9.1 if someone verifies that it's API compatible. I think that would require running an agent through the test suite.

@bastelfreak
Copy link
Contributor

bastelfreak commented Aug 22, 2025

@binford2k this is just a bolt dependency, right? I don't think the openvox-agent pulls in webrick:

puppet-runtime $ git grep -i webrick
configs/components/rubygem-webrick.rb:#   https://rubygems.org/gems/webrick
configs/components/rubygem-webrick.rb:#   https://github.com/ruby/webrick/releases
configs/components/rubygem-webrick.rb:component 'rubygem-webrick' do |pkg, settings, platform|
configs/projects/bolt-runtime.rb:  proj.component 'rubygem-webrick'

@nmburgan
Copy link
Member

nmburgan commented Aug 22, 2025

Yep, it's just for Bolt. Why Bolt needs webrick, I don't know. Might have been for PE bolt server. If so, we should remove it sometime. But for now, might as well be up to date.

@nmburgan nmburgan merged commit 3e14ca6 into main Aug 22, 2025
5 checks passed
@nmburgan nmburgan deleted the binford2k-patch-1 branch August 22, 2025 16:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@smortex smortex smortex approved these changes

+1 more reviewer

@genebean genebean genebean approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@binford2k @bastelfreak @nmburgan @smortex @genebean