You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This vulnerability (detailed here) causes problems with Kernel#spawn when the options hash is used to redirect the default file descriptors for the child process. This does not occur in MRI, presumably because it is actually FFI that is causing the issue (which MRI doesn't need to make system calls). I don't believe any action can be taken by the jRuby team to resolve this, as the issue is caused by a vulnerability in glibc versions prior to 2.20. Any users suffering from this problem should update glibc to 2.20+.
The text was updated successfully, but these errors were encountered:
Yeah, release notes don't seem quite right either since this affects any JRuby 9k release -- past, present, and future -- on a system without glibc. Perhaps best we can do is tweet + email and these bugs.
This vulnerability (detailed here) causes problems with Kernel#spawn when the options hash is used to redirect the default file descriptors for the child process. This does not occur in MRI, presumably because it is actually FFI that is causing the issue (which MRI doesn't need to make system calls). I don't believe any action can be taken by the jRuby team to resolve this, as the issue is caused by a vulnerability in glibc versions prior to 2.20. Any users suffering from this problem should update glibc to 2.20+.
The text was updated successfully, but these errors were encountered: