In branch, jruby-9.4, we are using net-imap version 0.2.3, which may have a possible CVE https://nvd.nist.gov/vuln/detail/CVE-2025-43857 (under analysis)
We should bump net-imap to 0.2.5 which has fix: ruby/net-imap#444 or ruby/net-imap#447