Skip to content

Bump REXML to 3.3.6 to address CVE-2024-43398 #2551

New issue
New issue
Closed
Closed
Bump REXML to 3.3.6 to address CVE-2024-43398#2551
Labels
bugSomething isn't workingtriagedJira issue has been created for this
@cthorn42

Description

@cthorn42
cthorn42
opened on Aug 22, 2024

Our puppet-runtime for both puppet-agent 7.x and puppet-agent main are using REXML 3.3.4, https://github.com/puppetlabs/puppet-runtime/blob/38fc20bfbe8025e06645db2eab087b48a052b9ec/configs/components/rubygem-rexml.rb#L2.
A recently announced CVE, https://www.cve.org/CVERecord?id=CVE-2024-43398, means we need to bump the REXML we're using.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workingtriagedJira issue has been created for this

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions