Ruby 2.5.1 Released


9 months ago by ruby-lang.org on ruby-lang.org.
Ruby 2.5.1 has been released. This release includes some bug fixes and some security fixes. CVE-2017-17742: HTTP response splitting in WEBrick CVE-2018-6914...

Ruby 2.4.4 Released


9 months ago by ruby-lang.org on ruby-lang.org.
Ruby 2.4.4 has been released. This release includes some bug fixes and some security fixes. CVE-2017-17742: HTTP response splitting in WEBrick CVE-2018-6914...

Ruby 2.2.10 Released


9 months ago by ruby-lang.org on ruby-lang.org.
Ruby 2.2.10 has been released. This release includes several security fixes. Please check the topics below for details. CVE-2017-17742: HTTP response...

Ruby 2.3.7 Released


9 months ago by ruby-lang.org on ruby-lang.org.
Ruby 2.3.7 has been released. This release includes about 70 bug fixes after the previous release, and also includes several security fixes. Please check...

CVE-2018-8778: Buffer under-read in String#unpack


9 months ago by ruby-lang.org on ruby-lang.org.
There is a buffer under-read vulnerability in String#unpack method. This vulnerability has been assigned the CVE identifier CVE-2018-8778. Details String...

CVE-2017-17742: HTTP response splitting in WEBrick


9 months ago by ruby-lang.org on ruby-lang.org.
There is an HTTP response splitting vulnerability in WEBrick bundled with Ruby. This vulnerability has been assigned the CVE identifier CVE-2017-17742. Details...

CVE-2018-8777: DoS by large request in WEBrick


9 months ago by ruby-lang.org on ruby-lang.org.
There is an out-of-memory DoS vulnerability with a large request in WEBrick bundled with Ruby. This vulnerability has been assigned the CVE identifier CVE-2018-8777...

CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir


9 months ago by ruby-lang.org on ruby-lang.org.
There is an unintentional directory traversal in some methods in Dir. This vulnerability has been assigned the CVE identifier CVE-2018-8780. Details Dir...

CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket


9 months ago by ruby-lang.org on ruby-lang.org.
There is an unintentional socket creation vulnerability in UNIXServer.open method of socket library bundled with Ruby. And there is also an unintentional...

CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir


9 months ago by ruby-lang.org on ruby-lang.org.
There is an unintentional directory creation vulnerability in tmpdir library bundled with Ruby. And there is also an unintentional file creation vulnerability...