2018 Archives
Ruby 2.6.0 Released
We are pleased to announce the release of Ruby 2.6.0.
Posted by naruse on 25 Dec 2018
Ruby 2.6.0-rc2 Released
We are pleased to announce the release of Ruby 2.6.0-rc2.
Posted by naruse on 15 Dec 2018
Ruby 2.6.0-rc1 Released
We are pleased to announce the release of Ruby 2.6.0-rc1.
Posted by naruse on 6 Dec 2018
2019 Fukuoka Ruby Award Competition - Entries to be judged by Matz
Dear Ruby Enthusiasts,
Posted by Fukuoka Ruby on 29 Nov 2018
The official Ruby snap is available
We released the official snap package of the Ruby language.
Posted by Hiroshi SHIBATA on 8 Nov 2018
Ruby 2.6.0-preview3 Released
We are pleased to announce the release of Ruby 2.6.0-preview3.
Posted by naruse on 6 Nov 2018
CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly
The equality check of OpenSSL::X509::Name is not correct in the openssl
extension library bundled with Ruby.
This vulnerability has been assigned the CVE identifier
CVE-2018-16395.
Posted by usa on 17 Oct 2018
CVE-2018-16396: Tainted flags are not propagated in Array#pack and String#unpack with some directives
In Array#pack and String#unpack with some formats, the tainted flags
of the original data are not propagated to the returned string/array.
This vulnerability has been assigned the CVE identifier
CVE-2018-16396.
Posted by usa on 17 Oct 2018
Support of Ruby 2.2 has ended
We announce that all support of the Ruby 2.2 series has ended.
Posted by antonpaisov on 20 Jun 2018
Ruby 2.6.0-preview2 Released
We are pleased to announce the release of Ruby 2.6.0-preview2.
Posted by naruse on 31 May 2018
Ruby 2.2.10 Released
Ruby 2.2.10 has been released. This release includes several security fixes. Please check the topics below for details.
Posted by usa on 28 Mar 2018
CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
There is an unintentional directory creation vulnerability in the tmpdir library bundled with Ruby. There is also an unintentional file creation vulnerability in the tempfile library bundled with Ruby, because it uses tmpdir internally. This vulnerability has been assigned the CVE identifier CVE-2018-6914.
Posted by usa on 28 Mar 2018
CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket
There is an unintentional socket creation vulnerability in the UNIXServer.open method of the socket library bundled with Ruby.
There is also an unintentional socket access vulnerability in the UNIXSocket.open method.
This vulnerability has been assigned the CVE identifier CVE-2018-8779.
Posted by usa on 28 Mar 2018
CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir
There is an unintentional directory traversal in some methods in Dir.
This vulnerability has been assigned the CVE identifier CVE-2018-8780.
Posted by usa on 28 Mar 2018
CVE-2018-8777: DoS by large request in WEBrick
There is an out-of-memory DoS vulnerability with a large request in WEBrick bundled with Ruby. This vulnerability has been assigned the CVE identifier CVE-2018-8777.
Posted by usa on 28 Mar 2018
CVE-2017-17742: HTTP response splitting in WEBrick
There is an HTTP response splitting vulnerability in WEBrick bundled with Ruby. This vulnerability has been assigned the CVE identifier CVE-2017-17742.
Posted by usa on 28 Mar 2018
CVE-2018-8778: Buffer under-read in String#unpack
There is a buffer under-read vulnerability in the String#unpack method.
This vulnerability has been assigned the CVE identifier CVE-2018-8778.
Posted by usa on 28 Mar 2018
Ruby 2.6.0-preview1 Released
We are pleased to announce the release of Ruby 2.6.0-preview1.
Posted by naruse on 24 Feb 2018
Multiple vulnerabilities in RubyGems
There are multiple vulnerabilities in RubyGems bundled with Ruby. They are reported on the official RubyGems blog.
Posted by usa on 17 Feb 2018