Posted by usa on 28 Mar 2018
Ruby 2.2.10 has been released. This release includes several security fixes. Please check the topics below for details.
- CVE-2017-17742: HTTP response splitting in WEBrick
- CVE-2018-8777: DoS by large request in WEBrick
- CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
- CVE-2018-8778: Buffer under-read in String#unpack
- CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket
- CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir
- Multiple vulnerabilities in RubyGems
Ruby 2.2 is under the state of the security maintenance phase, until the end of the March of 2018. After the date, maintenance of Ruby 2.2 will be ended. So, this release is expected to be the last release of Ruby 2.2. We will never make a new release of Ruby 2.2 unless Ruby 2.2.10 has a serious regression bug. We recommend you migrating to newer versions of Ruby, such as 2.5.
SIZE: 13365461 bytes SHA1: 72ee1dcfd96199d2c3092b77db7a7f439c0abd08 SHA256: a54204d2728283c9eff0cf81d654f245fa5b3447d0824f1a6bc3b2c5c827381e SHA512: f8ec96c2a5f4ecf22052ee0b1029989ded52d7bf5d41be24fef67e732e76f72119302240bca08f0547510a9cd29e941a32e263cad9c8a2bf80023d6bc97b2373
SIZE: 16694179 bytes SHA1: b0207c861f3fa41cbe4909ecb89bd2fcac81fe7c SHA256: cd51019eb9d9c786d6cb178c37f6812d8a41d6914a1edaf0050c051c75d7c358 SHA512: 051124922240d2e20e74903b9c629fa897279072d2aa9b0a4e3a02331b843fa9c97c16e7073d6faec1b9f2024c3a7e36346014c30eee256f0715c5de226b5db8
SIZE: 10508612 bytes SHA1: c46737f81df819c3d7423df5c644431b3fcb8fee SHA256: bf77bcb7e6666ccae8d0882ea12b05f382f963f0a9a5285a328760c06a9ab650 SHA512: 1f35458f2b1c334e64aecf42cd1df3b223fef119b6ad23394285d9f2e72da26b3ba5418950694c4a8c0b4afc43672f78459f2f7281a595cff0967eb239662ae4
SIZE: 18540424 bytes SHA1: 0f4b9c6695d000cb456fe8b89f8bf6d42fb95069 SHA256: 6933eb989afb1b916c438d8eeecff1cfb0a6569c07e7190beca56b10b822207a SHA512: dfaa9a76170b0eed9cb2bf41178f2193dd3428492413b1616aaabd67ec35b9b7705b422b0fdfe38b18a1800bbce3ba161b53d229d307ea7f5c0269ef3d031980
Thanks to everyone who reported vulnerabilities, fixed the vulnerabilities and helped with this release.