Skip to content

Trojaner ALERT for JRuby 9.2.4.0 from repo1.maven.org #5478

New issue
New issue
Closed
Closed
Trojaner ALERT for JRuby 9.2.4.0 from repo1.maven.org#5478
Milestone
JRuby 9.2.4.1
@dosimeta

Description

@dosimeta
dosimeta
opened on Nov 28, 2018

Environment

  • JRuby version: 9.2.4.0
  • Operating system: macOS 10.14.1
  • AntiVirus: BitDefender 7.2.1.6
  • ruby installer: rvm 1.29.4

Expected Behavior

  • Installing a JRuby release must not raise warnings/alerts in security related monitoring
  • the command to install ruby in a terminal: rvm install jruby-9.2.4.0
  • setup of jruby environment successful and operational

Actual Behavior

  • BitDefender antivirus reports a Trojan.GenericKD.40744760 in jrubyw.exe and removed it from my filesystem.
  • As the file is a Windows wrapper executable to host a JVM, it is of no use on macOS and no harm is made on my system.

Remarks

Although, I am not affected during development, I will be unable to deploy this into a production environment at my clients. Any security related incident, will void the affected version from being deployable.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions