JRuby 9.3.9.0 Released
Monday, October 24 2022
The JRuby community is pleased to announce the release of JRuby 9.3.9.0
- Homepage: https://www.jruby.org/
- Download: https://www.jruby.org/download
JRuby 9.3.x is compatible with Ruby 2.6.x and stays in sync with C Ruby. As always there is a mix of miscellaneous fixes so be sure to read the issue list below.
Thanks to our contributors this cycle for helping to improve stability and compatibility of JRuby 9.3: @chadlwilson, @coheigea
Standard Library
- rdoc has been updated to 6.3.3 to fix all known CVEs. (#7396, #7404)
- rexml has been updated to 3.2.5 to fix all known CVEs. (#7395, #7405)
- jruby-openssl has been updated to 0.14.0 to fix weak HMAC key hashing in bouncycastle, which itself is updated to 1.71. (#7335, #7385, #7399)
- psych has been updated to 3.3.4 to fix CVE-2022-38752 in the SnakeYAML library, which itself is updated to 1.33. (#7386, #7388, #7400)
- rubygems has been updated to 3.2.33 and bundler updated to 2.2.33 to address CVE-2021-43809. (#7397, #7401)
Github Issues resolved for 9.3.9.0
- #5588 - OpenSSL::PKey::RSA.new without password results in terminal input failure
- #7335 - Upgrade jruby-openssl to 0.14.0
- #7367 - StringIO ignores external encoding on Windows
- #7380 - [Tiny issue] swing2.rb example at https://github.com/jruby/jruby/blob/master/samples/swing2.rb has a warning, “swing.rb:4: warning: import is deprecated; use java_import”
- #7385 - Updating jruby-openssl to 0.14.0
- #7386 - Update SnakeYaml to 1.32+ due to CVE-2022-38752
- #7388 - Update to Psych 3.3.4
- #7395 - Update embedded rexml in jruby-complete
- #7396 - Update rdoc in jruby-complete
- #7397 - Update bundler in jruby-complete
- #7399 - Update bouncycastle in jruby-complete
- #7400 - Update snakeyaml in jruby-complete
- #7401 - [deps] update Bundler/Rubygems to latest patch
- #7404 - Update rdoc to 6.3.3 to fix known CVEs
- #7405 - Update rexml to 3.2.5 to fix known CVEs
- #7406 - Time.at with fractional seconds and :in doubles timezone offset
- #7407 - Better match CRuby zone negotiation
- #7416 - Regexp new none option
The JRuby community is pleased to announce the release of JRuby 9.3.9.0
- Homepage: https://www.jruby.org/
- Download: https://www.jruby.org/download
JRuby 9.3.x is compatible with Ruby 2.6.x and stays in sync with C Ruby. As always there is a mix of miscellaneous fixes so be sure to read the issue list below.
Thanks to our contributors this cycle for helping to improve stability and compatibility of JRuby 9.3: @chadlwilson, @coheigea
Standard Library
- rdoc has been updated to 6.3.3 to fix all known CVEs. (#7396, #7404)
- rexml has been updated to 3.2.5 to fix all known CVEs. (#7395, #7405)
- jruby-openssl has been updated to 0.14.0 to fix weak HMAC key hashing in bouncycastle, which itself is updated to 1.71. (#7335, #7385, #7399)
- psych has been updated to 3.3.4 to fix CVE-2022-38752 in the SnakeYAML library, which itself is updated to 1.33. (#7386, #7388, #7400)
- rubygems has been updated to 3.2.33 and bundler updated to 2.2.33 to address CVE-2021-43809. (#7397, #7401)
Github Issues resolved for 9.3.9.0
- #5588 - OpenSSL::PKey::RSA.new without password results in terminal input failure
- #7335 - Upgrade jruby-openssl to 0.14.0
- #7367 - StringIO ignores external encoding on Windows
- #7380 - [Tiny issue] swing2.rb example at https://github.com/jruby/jruby/blob/master/samples/swing2.rb has a warning, “swing.rb:4: warning: import is deprecated; use java_import”
- #7385 - Updating jruby-openssl to 0.14.0
- #7386 - Update SnakeYaml to 1.32+ due to CVE-2022-38752
- #7388 - Update to Psych 3.3.4
- #7395 - Update embedded rexml in jruby-complete
- #7396 - Update rdoc in jruby-complete
- #7397 - Update bundler in jruby-complete
- #7399 - Update bouncycastle in jruby-complete
- #7400 - Update snakeyaml in jruby-complete
- #7401 - [deps] update Bundler/Rubygems to latest patch
- #7404 - Update rdoc to 6.3.3 to fix known CVEs
- #7405 - Update rexml to 3.2.5 to fix known CVEs
- #7406 - Time.at with fractional seconds and :in doubles timezone offset
- #7407 - Better match CRuby zone negotiation
- #7416 - Regexp new none option