Ruby 2.7.0 Released
We are pleased to announce the release of Ruby 2.7.0.
Posted by naruse on 25 Dec 2019
Separation of positional and keyword arguments in Ruby 3.0
This article explains the planned incompatibility of keyword arguments in Ruby 3.0
Posted by mame on 12 Dec 2019
Ruby 2.7.0-preview3 Released
We are pleased to announce the release of Ruby 2.7.0-preview3.
Posted by naruse on 23 Nov 2019
Ruby 2.7.0-preview2 Released
We are pleased to announce the release of Ruby 2.7.0-preview2.
Posted by naruse on 22 Oct 2019
2020 Fukuoka Ruby Award Competition - Entries to be judged by Matz
Dear Ruby Enthusiasts,
Posted by Fukuoka Ruby on 16 Oct 2019
CVE-2019-16201: Regular Expression Denial of Service vulnerability of WEBrick's Digest access authentication
Regular expression denial of service vulnerability of WEBrick’s Digest authentication module was found. An attacker can exploit this vulnerability to cause an effective denial of service against a WEBrick service.
Posted by mame on 1 Oct 2019
CVE-2019-15845: A NUL injection vulnerability of File.fnmatch and File.fnmatch?
A NUL injection vulnerability of Ruby built-in methods (File.fnmatch and File.fnmatch?) was found. An attacker who has the control of the path pattern parameter could exploit this vulnerability to make path matching pass despite the intention of the program author.
CVE-2019-15845 has been assigned to this vulnerability.
Posted by mame on 1 Oct 2019
CVE-2019-16254: HTTP response splitting in WEBrick (Additional fix)
There is an HTTP response splitting vulnerability in WEBrick bundled with Ruby. This vulnerability has been assigned the CVE identifier CVE-2019-16254.
Posted by mame on 1 Oct 2019
CVE-2019-16255: A code injection vulnerability of Shell#[] and Shell#test
A code injection vulnerability of Shell#[] and Shell#test in a standard library (lib/shell.rb) was found. The vulnerability has been assigned the CVE identifier CVE-2019-16255.
Posted by mame on 1 Oct 2019
Multiple jQuery vulnerabilities in RDoc
There are multiple vulnerabilities about Cross-Site Scripting (XSS) in jQuery shipped with RDoc which bundled in Ruby. All Ruby users are recommended to update Ruby to the latest release which includes the fixed version of RDoc.
Posted by aycabta on 28 Aug 2019
Ruby 2.7.0-preview1 Released
We are pleased to announce the release of Ruby 2.7.0-preview1.
Posted by naruse on 30 May 2019
Ruby Repository Moved to Git from Subversion
Today, the canonical repository of the Ruby programming language was moved to Git from Subversion.
Posted by hsbt on 23 Apr 2019
Support of Ruby 2.3 has ended
We announce that all support of the Ruby 2.3 series has ended.
Posted by antonpaisov on 31 Mar 2019
Multiple vulnerabilities in RubyGems
There are multiple vulnerabilities in RubyGems bundled with Ruby. It is reported at the official blog of RubyGems.
Posted by hsbt on 5 Mar 2019