update jruby to 9.4.8.0 (#16278)

https://www.jruby.org/2024/07/02/jruby-9-4-8-0.html > Fixed a bug in the bytecode JIT causing patterns to execute incorrect branches. #8283, #8284 > jruby-openssl is updated to 0.15.0, with updated Bouncy Castle libraries to avoid CVEs in older versions. > uri is updated to 0.12.2, mitigating CVE > net-ftp is updated to 0.3.7 with restored functionality on JRuby. Exhaustive test suite: https://buildkite.com/elastic/logstash-exhaustive-tests-pipeline/builds/580
elastic · Jul 2, 2024 · 121b1c9 · 121b1c9
1 parent a046d3f
commit 121b1c9
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 4 deletions.
diff --git a/logstash-core/logstash-core.gemspec b/logstash-core/logstash-core.gemspec
@@ -56,7 +56,6 @@ Gem::Specification.new do |gem|
   gem.add_runtime_dependency "rack", '~> 3'
   gem.add_runtime_dependency "sinatra", '~> 4'
   gem.add_runtime_dependency 'puma', '~> 6.3', '>= 6.4.2'
-  gem.add_runtime_dependency "jruby-openssl", "~> 0.14.1"
   gem.add_runtime_dependency 'ruby-maven-libs', '~> 3', '>= 3.8.9'
 
 

diff --git a/rakelib/artifacts.rake b/rakelib/artifacts.rake
@@ -102,6 +102,10 @@ namespace "artifact" do
     # exclude ruby-maven-libs 3.3.9 jars until JRuby ships with >= 3.8.9
     @exclude_paths << 'vendor/bundle/jruby/**/gems/ruby-maven-libs-3.3.9/**/*'
 
+    # remove this after JRuby includes rexml 3.3.x
+    @exclude_paths << 'vendor/jruby/lib/ruby/gems/shared/gems/rexml-3.2.5/**/*'
+    @exclude_paths << 'vendor/jruby/lib/ruby/gems/shared/specifications/rexml-3.2.5.gemspec'
+
     @exclude_paths
   end
 

diff --git a/rubyUtils.gradle b/rubyUtils.gradle
@@ -25,7 +25,7 @@ buildscript {
     dependencies {
         classpath "org.yaml:snakeyaml:${snakeYamlVersion}"
         classpath "de.undercouch:gradle-download-task:4.0.4"
-        classpath "org.jruby:jruby-core:9.4.7.0"
+        classpath "org.jruby:jruby-core:9.4.8.0"
     }
 }
 

diff --git a/versions.yml b/versions.yml
@@ -13,8 +13,8 @@ bundled_jdk:
 # jruby must reference a *released* version of jruby which can be downloaded from the official download url
 # *and* for which jars artifacts are published for compile-time
 jruby:
-  version: 9.4.7.0
-  sha1: ea3b99edcb48ed436173977551a113759541c18c
+  version: 9.4.8.0
+  sha1: 57089c106c6d0ad09a00db519ab1e984ea716d13
 # jruby-runtime-override, if specified, will override the jruby version installed in vendor/jruby
 #jruby-runtime-override:
 #  url: https://oss.sonatype.org/content/repositories/snapshots/org/jruby/jruby-dist/9.3.0.0-SNAPSHOT/jruby-dist-9.3.0.0-20210723.214927-259-bin.tar.gz