Issue #10510 has been updated by Erik Michaels-Ober. I believe semantic versioning prevents doing this until Ruby 3 is released (many years from now) but I agree that this issue should be added to the Ruby 3 roadmap. ---------------------------------------- Feature #10510: Remove REXML instead of patching it https://bugs.ruby-lang.org/issues/10510#change-49970 * Author: Michael Grosser * Status: Open * Priority: Normal * Assignee: * Category: * Target version: ---------------------------------------- There have been at least 3 rexml vulerabilities to date, having to patch ruby just to make sure it's not being used is taking a lot of time/effort. Afaik most people do not use xml anyway (and especially not rexml), just for comparison: it would make much more sense to have json included, but it's not. So let's just drop it & make it a gem. -- https://bugs.ruby-lang.org/