rgrove / sanitize

Ruby HTML and CSS sanitizer.
MIT License
2.02k stars, 142 forks

Backport security fix to 2.1 line #187

Closed. dometto closed this 6 years ago

dometto commented 6 years ago

As long as #166 remains open, JRuby users are stuck with the old version 2.1.0, which is still vulnerable to CVE-2018-3740. Also see discussion here. I'm willing to work on backporting the fix, and have forked/checked out a branch to work on this which imports the relevant tests from master. @rgrove could you perhaps create a 2.x branch on this repository so I can open a PR against it, where we could discuss further?

rgrove commented 6 years ago

Done!