Updated jruby packages has been released for Debian GNU/Linux 9 to address several vulnerabilities. They would allow an attacker to use specially crafted gem files to mount cross-site scripting attacks, cause denial of service through an infinite loop, write arbitrary files, or run malicious code.

 Jruby Security Update for Debian 9