[FOLIO-3164] jenkins-slave-docker: Ruby 2.4 security maintenance phase has ended Created: 17/May/21  Updated: 13/Jul/21  Resolved: 08/Jul/21

Status: Closed
Project: FOLIO
Components: Continuous Integration
Affects versions: None
Fix versions: None

Type: Bug Priority: P4
Reporter: Julian Ladisch Assignee: David Crossley
Resolution: Done Votes: 0
Labels: security, security-reviewed
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
Defines
is defined by FOLIO-3228 Cleanup and upgrade/rebuild Dockerfil... Closed
Sprint: DevOps Sprint 118
Development Team: FOLIO DevOps

 Description   

https://www.ruby-lang.org/en/news/2020/03/31/ruby-2-4-10-released/
**

Ruby 2.4 is now under the state of the security maintenance phase, until the end of March of 2020. After that date, maintenance of Ruby 2.4 will be ended. Thus, this release would be the last of Ruby 2.4 series. We recommend you immediately upgrade Ruby to newer versions, such as 2.7 or 2.6 or 2.5.

https://github.com/folio-org/folio-tools/blob/f8044fa6dfb7ddfe9c33ad1c8838ed2873849aaf/jenkins-slave-docker/Dockerfile.focal-java-11

installs Ruby 2.4.2 and 2.4.3.



 Comments   
Comment by Mike Gorrell [ 21/May/21 ]

John Malconian do you have a sense for the priority/urgency of this issue? The Security Team doesn't have a feel for it.

Comment by John Malconian [ 24/May/21 ]

Not urgent. The FOLIO project no longer has any Ruby modules. Ruby can be dropped entirely from the FOLIO Jenkins build image the next time it is updated.

Generated at Thu Feb 08 23:26:05 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.