[ruby-core:66308] [ruby-trunk - Feature #10510] Remove REXML instead of patching it

< ^ > P N |<>| ^ _>< --- | ~ ...Help

Issue #10510 has been updated by Erik Michaels-Ober.


I believe semantic versioning prevents doing this until Ruby 3 is released (many years from now) but I agree that this issue should be added to the Ruby 3 roadmap.

----------------------------------------
Feature #10510: Remove REXML instead of patching it
https://bugs.ruby-lang.org/issues/10510#change-49970

* Author: Michael Grosser
* Status: Open
* Priority: Normal
* Assignee: 
* Category: 
* Target version: 
----------------------------------------
 There have been at least 3 rexml vulerabilities to date,
 having to patch ruby just to make sure it's not being used is taking a lot
 of time/effort.
 
 Afaik most people do not use xml anyway (and especially not rexml), just
 for comparison: it would make much more sense to have json included, but
 it's not.
 
 So let's just drop it & make it a gem.



-- 
https://bugs.ruby-lang.org/