Debian has issued an advisory today (June 8):
Mageia 5 and Mageia 6 are also affected.
Patches available from Debian
Fixed both Cauldron and mga6!
Updated jruby packages fix security vulnerabilities:
Several vulnerabilities were discovered in jruby. They would allow an attacker
to use specially crafted gem files to mount cross-site scripting attacks, cause
denial of service through an infinite loop, write arbitrary files, or run
malicious code (CVE-2018-1000073, CVE-2018-1000074, CVE-2018-1000075,
CVE-2018-1000076, CVE-2018-1000077, CVE-2018-1000078, CVE-2018-1000079).
Updated packages in core/updates_testing:
Created attachment 10727
Script for testing JavaSwing in jruby - does not work
Refers to java.lang.boolean
Not found in jruby.
$ jruby -v
jruby 1.7.22 (1.9.3p551) 2017-05-17 fffffff on OpenJDK 64-Bit Server VM 1.8.0_191-b12 +jit [linux-amd64]
Updated the packages.
Same version of jruby but package is 1.7.22-5.1.
Sampled some tutorials. Attaching the report because it is tedious reading for a mailing list. The upshot is that the updated jruby continues to work as far as I can see. Nothing to stop it going out.
Created attachment 10729
A number of very basic tests of jruby.
$ jruby tutorial.rb
Created attachment 10730
Summary of jruby tests including some code snippets, all at a very basic level.
An update for this issue has been pushed to the Mageia Updates repository.