net-imap: Update 0.3.9->0.4.24#168
Draft
Sharpie wants to merge 1 commit intoOpenVoxProject:mainfrom
Draft
Conversation
Sharpie
commented
May 9, 2026
| 'https://rubygems.org/downloads/net-imap-0.4.24.gem', | ||
| { | ||
| # NOTE: Has to be MD5 due to vanagon limitations. | ||
| sum: 'dfe894c164fcef8eb7145f0dd3b9ce4f', |
Contributor
Author
There was a problem hiding this comment.
I've put this in draft status for now as the MD5 sum can be swapped out for SHA256 if the following PR to Vanagon is merged:
Sharpie
force-pushed
the
update-net-imap-0424
branch
from
aa762aa to
48e966a
Compare
This commit upgrades the bundled net-imap gem in Ruby 3.2.11 from the original version of 0.3.9 to 04.24. This release contains a fix for the following high-severity issue with STARTTLS: - GHSA-vcgp-9326-pqcp There will be no further upstream releases to Ruby 3.2, thus we have to upgrade this gem ourselves. The 0.4.0 release has a few breaking changes, however there are several issues with the 0.3.10 version of `net-imap`: - It will be the last release to `net-imap` 0.3.x - The 0.3.x releases will not install in containerized build environments where the default locale is set to `POSIX` (Debian). This was resloved in the 0.4.3 release by: ruby/net-imap#210 - The 0.4.24 release contains fixes for additional medium-to-low severity issues: * GHSA-hm49-wcqc-g2xg * GHSA-q2mw-fvj9-vvcw * GHSA-87pf-fpwv-p7m7 * GHSA-75xq-5h9v-w6px CVE-2026-42246 CVE-2026-42257 CVE-2026-42256 CVE-2026-42258 CVE-2026-42245 Signed-off-by: Charlie Sharpsteen <charlie@overlookinfratech.com>
Sharpie
force-pushed
the
update-net-imap-0424
branch
from
48e966a to
bedc97b
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This commit upgrades the bundled net-imap gem in Ruby 3.2.11 from the original version of 0.3.9 to 04.24. This release contains a fix for the following high-severity issue with STARTTLS:
There will be no further upstream releases to Ruby 3.2, thus we have to upgrade this gem ourselves. The 0.4.0 release has a few breaking changes, however there are several issues with the 0.3.10 version of
net-imap:It will be the last release to
net-imap0.3.xThe 0.3.x releases will not install in containerized build environments where the default locale is set to
POSIX(Debian). This was resloved in the 0.4.3 release by: Set utf-8 encoding when looking for VERSION in the file. ruby/net-imap#210The 0.4.24 release contains fixes for additional medium-to-low severity issues:
CVE-2026-42246
CVE-2026-42257
CVE-2026-42256
CVE-2026-42258
CVE-2026-42245
Checklist
I have:
Signed-off-byannotation to each of my commits