2018 Archives

Support of Ruby 2.2 has ended

We announce that all support of the Ruby 2.2 series has ended.

Continue Reading...

Ruby 2.6.0-preview2 Released

We are pleased to announce the release of Ruby 2.6.0-preview2.

Continue Reading...

Ruby 2.5.1 Released

Ruby 2.5.1 has been released.

Continue Reading...

Ruby 2.4.4 Released

Ruby 2.4.4 has been released.

Continue Reading...

Ruby 2.3.7 Released

Ruby 2.3.7 has been released.

Continue Reading...

Ruby 2.2.10 Released

Ruby 2.2.10 has been released. This release includes several security fixes. Please check the topics below for details.

Continue Reading...

CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir

There is an unintentional directory creation vulnerability in tmpdir library bundled with Ruby. And there is also an unintentional file creation vulnerability in tempfile library bundled with Ruby, because it uses tmpdir internally. This vulnerability has been assigned the CVE identifier CVE-2018-6914.

Continue Reading...

CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket

There is a unintentional socket creation vulnerability in UNIXServer.open method of socket library bundled with Ruby. And there is also a unintentional socket access vulnerability in UNIXSocket.open method. This vulnerability has been assigned the CVE identifier CVE-2018-8779.

Continue Reading...

CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir

There is an unintentional directory traversal in some methods in Dir. This vulnerability has been assigned the CVE identifier CVE-2018-8780.

Continue Reading...

CVE-2018-8777: DoS by large request in WEBrick

There is a out-of-memory DoS vulnerability with a large request in WEBrick bundled with Ruby. This vulnerability has been assigned the CVE identifier CVE-2018-8777.

Continue Reading...

CVE-2017-17742: HTTP response splitting in WEBrick

There is an HTTP response splitting vulnerability in WEBrick bundled with Ruby. This vulnerability has been assigned the CVE identifier CVE-2017-17742.

Continue Reading...

CVE-2018-8778: Buffer under-read in String#unpack

There is a buffer under-read vulnerability in String#unpack method. This vulnerability has been assigned the CVE identifier CVE-2018-8778.

Continue Reading...

Ruby 2.6.0-preview1 Released

We are pleased to announce the release of Ruby 2.6.0-preview1.

Continue Reading...

Multiple vulnerabilities in RubyGems

There are multiple vulnerabilities in RubyGems bundled by Ruby. It is reported at the official blog of RubyGems.

Continue Reading...