Hi, We’ve been going through a number of CVEs reported using a Qualys cloud agent and along the way I found that ruby 2.7 was EOL March 31 of this year. Is there any danger of upgrading ruby to 3.0 on the OOD server? We’re still on ondemand v2.0.32
Nodejs:14 security updates was also EOL as of April 30.
Kenny
OOD 3.0 switches to ruby 3 specifically to get ahead of this. There’s also been some issues in the upgrade with desktops after the upgrade, but that seems to be effecting people that were still using python2, but this upgrade to 3.0 also forces a change to use python3 because that is EOL as well.
This was partly the reason for the major release instead of a minor, along with some other big feature changes.
Fore node14, we are currently in the middle of making that change to I believe 18 and you can see the conversation and PR that went into this here:
Sweet, thanks for the quick followup, Travis. ITSecurity is running a bit paranoid these days after our cyberattack and they’ve asked we be diligent in remedying EOL software. Our OOD server is locked down pretty good. My maintenance window begins July 30th where we planned on upgrading to ondemand v3.x
Kenny
This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.