Security issues have been announced on February 7: https://www.openwall.com/lists/oss-security/2022/02/07/3 It sounds like it's referring to the ruby-selenium-webdriver package as "Selenium server/Grid" and it says the issues have had CVEs requested and are fixed upstream in version 4. Mageia 8 is also affected.
Status comment: (none) => Fixed upstream in 4Whiteboard: (none) => MGA8TOO
Coincidence, another for Pascal. Although not officially your baby, you have done this SRPM over the years.
Assignee: bugsquad => pterjan
CVE-2022-28108 and CVE-2022-28109 have been assigned: https://www.openwall.com/lists/oss-security/2022/04/16/1
Summary: ruby-selenium-webdriver new security issues fixed upstream in 4 => ruby-selenium-webdriver new security issues fixed upstream in 4 (CVE-2022-2810[89])
I had missed that bug but I am not sure this ruby package is impacted. Looking into those 2 CVE they are about a standalone java server: https://www.gabriel.urdhr.fr/2022/02/07/selenium-standalone-server-csrf-dns-rebinding-rce/ The ruby part is only a client (see https://www.selenium.dev/downloads/)
Looks like you're correct.
Status: NEW => RESOLVEDResolution: (none) => INVALID