Recent News

Ruby 2.5.1 Released

Ruby 2.5.1 has been released.

Continue Reading...

Ruby 2.4.4 Released

Ruby 2.4.4 has been released.

Continue Reading...

Ruby 2.3.7 Released

Ruby 2.3.7 has been released.

Continue Reading...

Ruby 2.2.10 Released

Ruby 2.2.10 has been released. This release includes several security fixes. Please check the topics below for details.

Continue Reading...

CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir

There is an unintentional directory creation vulnerability in tmpdir library bundled with Ruby. And there is also an unintentional file creation vulnerability in tempfile library bundled with Ruby, because it uses tmpdir internally. This vulnerability has been assigned the CVE identifier CVE-2018-6914.

Continue Reading...

CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket

There is a unintentional socket creation vulnerability in UNIXServer.open method of socket library bundled with Ruby. And there is also a unintentional socket access vulnerability in UNIXSocket.open method. This vulnerability has been assigned the CVE identifier CVE-2018-8779.

Continue Reading...

CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir

There is an unintentional directory traversal in some methods in Dir. This vulnerability has been assigned the CVE identifier CVE-2018-8780.

Continue Reading...

CVE-2018-8777: DoS by large request in WEBrick

There is a out-of-memory DoS vulnerability with a large request in WEBrick bundled with Ruby. This vulnerability has been assigned the CVE identifier CVE-2018-8777.

Continue Reading...

CVE-2017-17742: HTTP response splitting in WEBrick

There is an HTTP response splitting vulnerability in WEBrick bundled with Ruby. This vulnerability has been assigned the CVE identifier CVE-2017-17742.

Continue Reading...

CVE-2018-8778: Buffer under-read in String#unpack

There is a buffer under-read vulnerability in String#unpack method. This vulnerability has been assigned the CVE identifier CVE-2018-8778.

Continue Reading...