Issue #17303 has been updated by hsbt (Hiroshi SHIBATA).

Status changed from Assigned to Closed

Removed at https://github.com/ruby/ruby/pull/3729

I'm going to resolve the issues related this until the final release of Ruby 3.0.

----------------------------------------
Feature #17303: Remove webrick from stdlib
https://bugs.ruby-lang.org/issues/17303#change-89148

* Author: hsbt (Hiroshi SHIBATA)
* Status: Closed
* Priority: Normal
* Assignee: hsbt (Hiroshi SHIBATA)
* Target version: 3.0
----------------------------------------
I propose to move webrick to bundled gems or remove it from stdlib of ruby.

We have several vulnerability issues in webrick gem.

https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/

The ruby core team don't have enough time to handle them. We should remove webrick from default gems at least.

Patch for this feature: https://github.com/ruby/ruby/pull/3729



-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request / ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>