Jruby 1.7 has a CVE issue, do we have any plan to upgrade Jruby from 1.7 to 9.0?

junegunn / redis-stat

(UNMAINTAINED) A real-time Redis monitoring tool

MIT License

2.02k stars 339 forks source link

Jruby 1.7 has a CVE issue, do we have any plan to upgrade Jruby from 1.7 to 9.0? #79

Open suaha opened 4 years ago

suaha commented 4 years ago

/redis/src/main/docker/redis-stat-0.4.14.jar/META-INF/lib/jruby-stdlib-1.7.19.jar/META-INF/jruby.home/lib/ruby/shared/org/bouncycastle/bcprov-jdk15on/1.47/bcprov-jdk15on-1.47.jar

CWE-502 Deserialization of Untrusted Data: CVE-2018-1000613