Recent News
CVE-2026-46727: Use-after-free in pthread-based getaddrinfo timeout handler
A use-after-free vulnerability has been discovered in the pthread-based getaddrinfo timeout handler of Ruby. This vulnerability has been assigned the CVE identifier CVE-2026-46727. This issue has been fixed in Ruby 4.0.5. We recommend upgrading Ruby.
Posted by hsbt on 20 May 2026
CVE-2026-41316: ERB @_init deserialization guard bypass via def_module / def_method / def_class
We published a security advisory for CVE-2026-41316.
Posted by k0kubun on 21 Apr 2026
Ruby 3.2.11 Released
Ruby 3.2.11 has been released. This release includes an update to the zlib gem addressing CVE-2026-27820.
Posted by hsbt on 27 Mar 2026
Ruby 3.3.11 Released
Ruby 3.3.11 has been released. This release includes an update to the zlib gem addressing CVE-2026-27820, along with some bug fixes.
Posted by hsbt on 26 Mar 2026