2022 Archives

Ruby 3.1.3 has been released.

Ruby 3.0.5 has been released.

Ruby 2.7.7 has been released.

We have released the cgi gem version 0.3.5, 0.2.2, and 0.1.0.2 that has a security fix for a HTTP response splitting vulnerability. This vulnerability has been assigned the CVE identifier CVE-2021-33621.

Ruby 3.1.2 has been released.

Ruby 3.0.4 has been released.

Ruby 2.7.6 has been released.

Ruby 2.6.10 has been released.

A double-free vulnerability is discovered in Regexp compilation. This vulnerability has been assigned the CVE identifier CVE-2022-28738. We strongly recommend upgrading Ruby.

A buffer-overrun vulnerability is discovered in a conversion algorithm from a String to a Float. This vulnerability has been assigned the CVE identifier CVE-2022-28739. We strongly recommend upgrading Ruby.

Ruby 3.1.1 has been released.