Skip to content

Commit 0e597b8

Browse files
ptzieglerptziegler
committed
Update JRuby to 9.4.14.0
When verifying SSL certificates, jruby-openssl is not verifying that the hostname presented in the certificate matches the one we are trying to connect to, meaning a MITM could just present any valid cert for a completely different domain they own, and JRuby wouldn't complain. While this likely isn't relevant for the AsciiDoc generation, it is still flagged by GitHub as potential vulnerability.
1 parent 0e93c5b commit 0e597b8

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

pom.xml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@
1919
<comparator.repo>https://download.eclipse.org/tools/gef/classic/release/3.25.0</comparator.repo>
2020
<surefire.timeout>300</surefire.timeout>
2121
<asciidoctor-maven-plugin.version>3.2.0</asciidoctor-maven-plugin.version>
22-
<jruby.version>9.4.5.0</jruby.version>
22+
<jruby.version>9.4.14.0</jruby.version>
2323
<target-platform>../target-platform/GEF_classic.target</target-platform>
2424
<execution-environment>JavaSE-21</execution-environment>
2525
<!-- SonarQube configuration -->

0 commit comments

Comments
 (0)