Now Ruby 1.9.3-p392 is released. I apologize for updating too frequently.
This release includes security fixes about bundled JSON and REXML.
- Denial of Service and Unsafe Object Creation Vulnerability in JSON (CVE-2013-0269)
- Entity expansion DoS vulnerability in REXML (XML bomb, CVE-2013-1821)
And some small bugfixes are also included.
You can download this release from:
SIZE: 10024221 bytes MD5: a810d64e2255179d2f334eb61fb8519c SHA256: 5a7334dfdf62966879bf539b8a9f0b889df6f3b3824fb52a9303c3c3d3a58391
SIZE: 12557294 bytes MD5: f689a7b61379f83cbbed3c7077d83859 SHA256: 8861ddadb2cd30fb30e42122741130d12f6543c3d62d05906cd41076db70975f
SIZE: 13863402 bytes MD5: 212fb3bc41257b41d1f8bfe0725916b7 SHA256: f200ce4a63ce57bea64028a507350717c2a16bdbba6d9538bc69e9e7c2177c8b
Many committers, testers and users who gave bug reports helped me to make this release. Thanks for their contributions.
Posted by usa on 22 Feb 2013