Commit Graph

5 Commits

Author SHA1 Message Date
Jarek Prokop
b6f532e4a0 Upgrade to Ruby 3.3.8.
Fix Net::IMAP vulnerable to possible DoS by memory exhaustion. (CVE-2025-25186)
Fix Denial of Service in CGI::Cookie.parse. (CVE-2025-27219)
Fix userinfo leakage in URI#join, URI#merge and URI#+. (CVE-2025-27221)

Resolves: RHEL-68632
2025-04-14 16:35:07 +02:00
Jarek Prokop
1ccfb03ab8 Upgrade to Ruby 3.3.5.
Fix DoS vulnerability in rexml.
(CVE-2024-39908)
(CVE-2024-41946)
(CVE-2024-43398)

Fix REXML DoS when parsing an XML having many specific characters such as
whitespace character, >] and ]>.
(CVE-2024-41123)

Upgrade by merging Fedora changes up to commit:
b7e197fb88

Exclude:
- Generate RPM dependencies with RPM 4.20 API
  6bed1e3bd5
We don't have new enough RPM.

Resolves: RHEL-55409
Resolves: RHEL-57049
Resolves: RHEL-52783
Resolves: RHEL-57054
Resolves: RHEL-57069
2024-09-05 09:49:16 +02:00
Jarek Prokop
44e781b1f4 Upgrade to Ruby 3.3.1.
Fix buffer overread vulnerability in StringIO.
  (CVE-2024-27280)
Fix RCE vulnerability with .rdoc_options in RDoc.
  (CVE-2024-27281)
Fix Arbitrary memory address read vulnerability with Regex search.
  (CVE-2024-27282)

Ruby bundled NKF, add appropriate `bundled` provide and test
License review and clarification

Upgrade by merging Fedora changes up to commit:
ff5301a5f3

Resolves: RHEL-37446
Resolves: RHEL-37448
Resolves: RHEL-37449
Resolves: RHEL-37447
2024-05-20 19:51:11 +02:00
Jarek Prokop
4f8991cc06 Upgrade to Ruby 3.3.0.
Imported from Fedora @ 3008410

Resolves: RHEL-17090
2024-01-29 16:23:30 +01:00
James Antill
26e228c90c Import rpm: 9f96feb53d9feecfcd393c1874263a48edf03dea
2022-08-08 14:06:45 -04:00