Issue #17303 has been updated by Eregon (Benoit Daloze).


It seems like the more fundamental thing we need is more maintainers for WEBrick.
Even if it's removed from stdlib, people will still install it for some existing use cases.

----------------------------------------
Feature #17303: Make webrick to bundled gems or remove from stdlib
https://bugs.ruby-lang.org/issues/17303#change-88338

* Author: hsbt (Hiroshi SHIBATA)
* Status: Open
* Priority: Normal
* Assignee: hsbt (Hiroshi SHIBATA)
----------------------------------------
I propose to make webrick to bundled gems or remove from stdlib of ruby.

We have a several issues related vulnerabilities in webrick gem.

https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/

The ruby core team don't have enough time to handle them. We should remove webrick from default gems at least.

Patch for this feature: https://github.com/ruby/ruby/pull/3729



-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request / ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>