Thanks for the note. The short answer is that we don’t feel it’s a
particularly bad bug; there’s a very limited set of circumstances that
would enable someone to exploit this. The longer answer is that we should
have updated for 12.3.0, but I didn’t realise we weren’t up to date until
it went out.

I’ve just created https://github.com/chef/omnibus-chef/pull/381 to update
to 2.1.6, and we’ll pick this up for chef in 12.4.0 (or 12.3.1 if there’s a
need to do a point release) in a couple of weeks.

On Thu, Apr 30, 2015 at 7:19 AM, Ryan Hass firstname.lastname@example.org wrote:

Does anyone know if the ruby version in the omnibus installers is going to
be upgraded to 2.1.6? I am not sure how big of an issue this is:

I would like to submit a PR for this, but I am not really sure what to
change and in which repos – any information would be appreciated.