Recent News

Ruby 3.0.3 Released

Ruby 3.0.3 has been released.

Continue Reading...

Ruby 2.7.5 Released

Ruby 2.7.5 has been released.

Continue Reading...

Ruby 2.6.9 Released

Ruby 2.6.9 has been released.

Continue Reading...

CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse

A cookie prefix spoofing vulnerability was discovered in CGI::Cookie.parse. This vulnerability has been assigned the CVE identifier CVE-2021-41819. We strongly recommend upgrading Ruby.

Continue Reading...

CVE-2021-41816: Buffer Overrun in CGI.escape_html

A buffer overrun vulnerability was discovered in CGI.escape_html. This vulnerability has been assigned the CVE identifier CVE-2021-41816. We strongly recommend upgrading Ruby.

Continue Reading...

CVE-2021-41817: Regular Expression Denial of Service Vulnerability of Date Parsing Methods

We have released date gem version 3.2.1, 3.1.2, 3.0.2, and 2.0.1 that include a security fix for a regular expression denial of service vulnerability (ReDoS) on date parsing methods. An attacker can exploit this vulnerability to cause an effective DoS attack. This vulnerability has been assigned the CVE identifier CVE-2021-41817.

Continue Reading...

Ruby 3.1.0 Preview 1 Released

We are pleased to announce the release of Ruby .

Continue Reading...

2022 Fukuoka Ruby Award Competition - Entries to be judged by Matz

Dear Ruby Enthusiasts,

Continue Reading...

CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP

A trusting FTP PASV responses vulnerability was discovered in Net::FTP. This vulnerability has been assigned the CVE identifier CVE-2021-31810. We strongly recommend upgrading Ruby.

Continue Reading...

CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP

A StartTLS stripping vulnerability was discovered in Net::IMAP. This vulnerability has been assigned the CVE identifier CVE-2021-32066. We strongly recommend upgrading Ruby.

Continue Reading...