Closed ylecuyer closed 1 year ago
Btw torquebox.org has been defaced and it breaks the CI pipeleine :man_shrugging:
Found this tweet https://mobile.twitter.com/jruby/status/1216832621000282112 pointing at the alternative but it looks like it wasn't longterm in the end :(
I have an update happening in #9 to JRuby 9.4.3 so I think this is not an issue anymore.
The repository proxies will never go back up because mavengem works fine; #9 also updates it to use newer rubygems.org APIs.
Resolved via #9.
Upgrade jruby because it transitively download jruby-stdlib which bundles a jar of snakeyaml containing CVE-2022-25857