jruby / mavengem

Mavengem protocol and mavengem wagon
Eclipse Public License 1.0

Update jruby to 9.3.8.0 because of CVE-2022-25857 #7

Closed ylecuyer closed 1 year ago

ylecuyer commented 2 years ago

Upgrade jruby because it transitively downloads jruby-stdlib, which bundles a jar of snakeyaml containing CVE-2022-25857
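The problem described above is a vulnerable library arriving two hops away from the declared dependency: the project depends on jruby, jruby pulls in jruby-stdlib, and jruby-stdlib carries snakeyaml inside it. The script below is an added example (not code from this project or from JRuby) that walks nested jars recursively and reports any `snakeyaml-<version>.jar` older than a caller-supplied threshold. The sample archive it builds is constructed in memory, the nested entry paths are an assumed layout rather than the real contents of jruby-stdlib, and the `1.31` threshold used in the usage call is an assumed value for the example; pass whatever fixed version your advisory source states.

```python
import io
import re
import zipfile

# Matches nested jar file names of the form "<artifact>-<version>.jar",
# e.g. "snakeyaml-1.30.jar" -> artifact "snakeyaml", version "1.30".
JAR_NAME_RE = re.compile(r"(?P<artifact>[A-Za-z][\w.-]*?)-(?P<version>\d+(?:\.\d+)*)\.jar$")


def version_tuple(v):
    """'1.30' -> (1, 30) so versions compare numerically, not lexically."""
    return tuple(int(p) for p in v.split("."))


def nested_jars(jar_bytes, prefix=""):
    """Yield (path, artifact, version) for every versioned *.jar found inside
    jar_bytes, descending into nested jars at any depth (a jar is a zip).
    Paths use the "outer.jar!/inner.jar" convention."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".jar"):
                continue
            path = prefix + name
            m = JAR_NAME_RE.search(name.rsplit("/", 1)[-1])
            if m:
                yield path, m.group("artifact"), m.group("version")
            nested = zf.read(name)
            try:
                yield from nested_jars(nested, prefix=path + "!/")
            except zipfile.BadZipFile:
                pass  # named *.jar but not a readable archive; skip it


def find_vulnerable(jar_bytes, artifact, min_safe_version):
    """Return [(path, version)] for nested jars of `artifact` whose version is
    below min_safe_version, i.e. the copies that still need upgrading."""
    hits = []
    for path, art, ver in nested_jars(jar_bytes):
        if art == artifact and version_tuple(ver) < version_tuple(min_safe_version):
            hits.append((path, ver))
    return hits


def _zip_bytes(entries):
    """Build an in-memory zip from {entry_name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()


def build_sample_jar():
    """Constructed sample (assumed layout, not the real jruby-stdlib contents):
    an outer jar bundling an unversioned jruby-stdlib.jar, which in turn
    carries snakeyaml-1.30.jar, plus a newer snakeyaml copy at the top level."""
    snakeyaml_old = _zip_bytes({"org/yaml/snakeyaml/Yaml.class": b"placeholder"})
    snakeyaml_new = _zip_bytes({"org/yaml/snakeyaml/Yaml.class": b"placeholder"})
    stdlib = _zip_bytes({
        "META-INF/jruby.home/lib/ruby/stdlib/snakeyaml-1.30.jar": snakeyaml_old,
    })
    return _zip_bytes({
        "lib/jruby-stdlib.jar": stdlib,
        "lib/snakeyaml-1.31.jar": snakeyaml_new,
    })


if __name__ == "__main__":
    sample = build_sample_jar()
    # 1.31 is an assumed threshold for this example; use your advisory's fixed version.
    for path, ver in find_vulnerable(sample, "snakeyaml", "1.31"):
        print(f"needs upgrade: {path} (version {ver})")
```

Run it against a real artifact by replacing `build_sample_jar()` with the bytes of the jar you want to audit; the `!/` path notation tells you exactly which transitive archive carries the old copy, which is the information needed to decide whether bumping the top-level dependency (as this issue does) actually removes it.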

ylecuyer commented 2 years ago

Btw torquebox.org has been defaced and it breaks the CI pipeline :man_shrugging:

ylecuyer commented 2 years ago

Found this tweet https://mobile.twitter.com/jruby/status/1216832621000282112 pointing at the alternative, but it looks like it wasn't long-term in the end :(


headius commented 1 year ago

I have an update happening in #9 to JRuby 9.4.3 so I think this is not an issue anymore.

The repository proxies will never go back up because mavengem works fine; #9 also updates it to use newer rubygems.org APIs.

headius commented 1 year ago

Resolved via #9.