puppetlabs / puppet-runtime

runtime dependencies for Vanagon projects
Apache License 2.0
5 stars 88 forks source link

(PA-6901) Bump REXML to 3.3.6 to address CVE-2024-43398 #904

Closed imaqsood closed 2 months ago

imaqsood commented 3 months ago

Testing Done

Index of /puppet-agent/bfc28e8cdae90df15d176185d5ab9ec37777a6cc/artifacts/deb/bionic/puppet7/

joshcooper commented 3 months ago

Does this PR update the rexml gem for both puppet7 and puppet8?

joshcooper commented 3 months ago

Oh I see there's a separate PR for agent-runtime-main https://github.com/puppetlabs/puppet-runtime/pull/901 that relies on this PR?