Support of Ruby 2.2 has ended
We announce that all support of the Ruby 2.2 series has ended.
Posted by antonpaisov on 20 Jun 2018
Ruby 2.6.0-preview2 Released
We are pleased to announce the release of Ruby 2.6.0-preview2.
Posted by naruse on 31 May 2018
Ruby 2.2.10 Released
Ruby 2.2.10 has been released. This release includes several security fixes. Please check the topics below for details.
Posted by usa on 28 Mar 2018
CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
There is an unintentional directory creation vulnerability in tmpdir library bundled with Ruby. And there is also an unintentional file creation vulnerability in tempfile library bundled with Ruby, because it uses tmpdir internally. This vulnerability has been assigned the CVE identifier CVE-2018-6914.
Posted by usa on 28 Mar 2018
CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket
There is a unintentional socket creation vulnerability in UNIXServer.open method of socket library bundled with Ruby.
And there is also a unintentional socket access vulnerability in UNIXSocket.open method.
This vulnerability has been assigned the CVE identifier CVE-2018-8779.
Posted by usa on 28 Mar 2018
CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir
There is an unintentional directory traversal in some methods in Dir.
This vulnerability has been assigned the CVE identifier CVE-2018-8780.
Posted by usa on 28 Mar 2018
CVE-2018-8777: DoS by large request in WEBrick
There is a out-of-memory DoS vulnerability with a large request in WEBrick bundled with Ruby. This vulnerability has been assigned the CVE identifier CVE-2018-8777.
Posted by usa on 28 Mar 2018