Ruby 3.1.2 Released
Ruby 3.1.2 has been released.
Posted by naruse and mame on 12 Apr 2022
CVE-2022-28738: Double free in Regexp compilation
A double-free vulnerability is discovered in Regexp compilation. This vulnerability has been assigned the CVE identifier CVE-2022-28738. We strongly recommend upgrading Ruby.
Posted by mame on 12 Apr 2022
CVE-2022-28739: Buffer overrun in String-to-Float conversion
A buffer-overrun vulnerability is discovered in a conversion algorithm from a String to a Float. This vulnerability has been assigned the CVE identifier CVE-2022-28739. We strongly recommend upgrading Ruby.
Posted by mame on 12 Apr 2022