Posted by usa on 14 Sep 2017

Ruby 2.2.8 has been released. This release includes several security fixes. Please check the topics below for details.

• CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf
• CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick
• CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode
• CVE-2017-14064: Heap exposure vulnerability in generating JSON
• Multiple vulnerabilities in RubyGems
• Updated bundled libyaml to version 0.1.7

Ruby 2.2 is now under the state of the security maintenance phase, until the end of the March of 2018. After the date, maintenance of Ruby 2.2 will be ended. We recommend you start planning migration to newer versions of Ruby, such as 2.4 or 2.3.

Download

• https://cache.ruby-lang.org/pub/ruby/2.2/ruby-2.2.8.tar.bz2

  SIZE:   13374522 bytes
  SHA1:   d851324bf783221108ce79343fabbcd559b9e60b
  SHA256: b19085587d859baf9d7763f92e34a84632fceac5cc593ca2c0efa28ed8c6e44e
  SHA512: aa1c65f76a51a57d9059a38a13a823112b53850a9e7d6f72c3f3e38d381412014521049f7065c1b00877501b3b554235135d0f308045c2a9da133c766f5b9e46
  

• https://cache.ruby-lang.org/pub/ruby/2.2/ruby-2.2.8.tar.gz

  SIZE:   16681654 bytes
  SHA1:   15a6fca1bfe0488b24a204708a287904028aa367
  SHA256: 8f37b9d8538bf8e50ad098db2a716ea49585ad1601bbd347ef84ca0662d9268a
  SHA512: b9d355232c1ca3e17b5d4dcb70f0720da75b82787e45eb4ede281290bf42643665385e55428495eb55c17f744395130b4d64ef78ca66c5a5ecb9f4c3b732fdea
  

• https://cache.ruby-lang.org/pub/ruby/2.2/ruby-2.2.8.tar.xz

  SIZE:   10520648 bytes
  SHA1:   3a25914aafedc81952899298a18f9c3a4881d2d1
  SHA256: 37eafc15037396c26870f6a6c5bcd0658d14b46cd5e191a3b56d89dd22d561b0
  SHA512: e21004bee537f0c706f4ac9526507b414ddb6a8d721e8fad8d7fe88992a4f048eb5eb79f8d8b8af2a8b331dcfa74b560490218a1acb3532c2cdb4fb4909da3c9
  

• https://cache.ruby-lang.org/pub/ruby/2.2/ruby-2.2.8.zip

  SIZE:   18521461 bytes
  SHA1:   3b0142bad47e29f429903f6c4ca84540764b5e93
  SHA256: 58bf98b62d21d6cc622e6ef5c7d024db0458c6860199ab4c1bf68cdc4b36fa9d
  SHA512: 08cadfa72713f9e3348093c96af4c53f06f681bc29ada2d80f1c55faca6a59a3b2913aa2443bf645fea6f3840b32ce8ce894b358f972b1a295ee0860b656eb02
  

Release Comment

Thanks to everyone who helped with this release, especially, reports of vulnerabilities.

Syndicate

Recent News (RSS)