The JRuby community is pleased to announce the release of JRuby 1.7.16.2
- Homepage: http://www.jruby.org/
- Download: Downloads — JRuby.org
JRuby 1.7.16.2 is our eighteenth update release since JRuby 1.7.0. The
primary goal of 1.7 point releases is to fill out any missing
compatibility
issues with Ruby 1.9.3.
1.7.16.2 is a security fix release for CVE-2014-8090
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8090. All users
are strongly recommended to upgrade. For more information, check out the
excellent write up on www.ruby-lang.org
https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/.
For those wondering, JRuby 1.7.17 is going to be out tomorrow (barring
any
last minute showstoppers). This will include not only this security fix
but
almost 2 months of bug fixes.