Package: jruby
Severity: important

(This bug isn't really actionable yet, as it depends on #926278 getting fixed
in src:ruby2.5)

Please don't use the bundled rubygems any longer, but instead a copy shared
with the C-based Ruby interpreter.

Given that most of the security issues in the C-based interpreter don't
affect JRuby (apart from the rubygems), this will considerably reduce the
overhead for keeping jruby updated in stable/oldstable.

I spoke to upstream (CCed) earlier and they confirmed that jruby bundles
the rubygems unmodified, so that should not cause any run time issues.

Cheers,
        Moritz
