Update rexml to fix CVE-2024-49761 (!171537) · Merge requests · GitLab.org / GitLab

What does this MR do and why?

Update rexml to fix CVE-2024-49761 in several gemfiles.

https://my.diffend.io/gems/rexml/3.3.8/3.3.9

We were already at 3.3.8 following Update rexml to fix CVE-2024-41946 (!169632 - merged)

From the advisories in https://gitlab.com/gitlab-org/gitlab/-/security/vulnerabilities/144430558 we can see that the vulnerability does not affect Ruby 3.2 so we are safe. Upgrading anyway to please the security scanners.

References

Please include cross links to any resources that are relevant to this MR This will give reviewers and future readers helpful context to give an efficient review of the changes introduced.

https://gitlab.com/gitlab-org/gitlab/-/security/vulnerabilities/144430558
https://my.diffend.io/gems/rexml/3.3.8/3.3.9

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

N/A

How to set up and validate locally

N/A

Edited Nov 04, 2024 by Dominic Couture

Update rexml to fix CVE-2024-49761

What does this MR do and why?

References

MR acceptance checklist

Screenshots or screen recordings

How to set up and validate locally

Merge request reports