Posted by nagachika on 1 Oct 2019
Ruby 2.6.5 has been released.
This release includes security fixes. Please check the topics below for details.
- CVE-2019-16255: A code injection vulnerability of Shell#[] and Shell#test
- CVE-2019-16254: HTTP response splitting in WEBrick (Additional fix)
- CVE-2019-15845: A NUL injection vulnerability of File.fnmatch and File.fnmatch?
- CVE-2019-16201: Regular Expression Denial of Service vulnerability of WEBrick’s Digest access authentication
See the commit logs for changes in detail.
Download
-
https://cache.ruby-lang.org/pub/ruby/2.6/ruby-2.6.5.tar.bz2
SIZE: 14134619 SHA1: d959802f994594f3296362883b5ce7edf5e6e465 SHA256: 97ddf1b922f83c1f5c50e75bf54e27bba768d75fea7cda903b886c6745e60f0a SHA512: 28e0b04ac8ca85203eb8939137b5e5de4850c933faf7f62fc69648fe1886faaabf6cdf48382f9d9585c1720876d10b41dafd33efaeb23341c309917fbd8a6e21
-
https://cache.ruby-lang.org/pub/ruby/2.6/ruby-2.6.5.tar.gz
SIZE: 16172159 SHA1: 1416ce288fb8bfeae07a12b608540318c9cace71 SHA256: 66976b716ecc1fd34f9b7c3c2b07bbd37631815377a2e3e85a5b194cfdcbed7d SHA512: 7ab7a0cdaf4863152efc86dbcfada7f10ab3fe33590eee3b6ab7b26fc27835a8a0ded4ec02b58e9969175582a2be5410da3dc9f8694a3cd2db97708bd72773e1
-
https://cache.ruby-lang.org/pub/ruby/2.6/ruby-2.6.5.tar.xz
SIZE: 11553580 SHA1: 575d3f68cbfa753fb07b538824711214f859b9c0 SHA256: d5d6da717fd48524596f9b78ac5a2eeb9691753da5c06923a6c31190abe01a62 SHA512: e8ae3b5d4d23a93d0ef6057235ad0e573665a8b4b6544e1c70b4cce9c4d2fb9094e5c8fe8a9ab7b9996efe3ada603f9b4ef1fd08fb5a83253c1ae2b5e3f202db
-
https://cache.ruby-lang.org/pub/ruby/2.6/ruby-2.6.5.zip
SIZE: 19839803 SHA1: 66d850ea8275615b1282ef832c34645bbf9ebb16 SHA256: 9455170dd264f69bd92ab0f4f30e5bdfc1ecafe32568114f1588a3850ca6e5fd SHA512: b9f54090f982695d92fc555cd1090db34496284edc69e335a16dea0d3189a33847464d1d1b701599bdabad0688efdf43cbbea41426f816a666d8ba7ccae6b5cf
Release Comment
Many committers, developers, and users who provided bug reports helped us make this release. Thanks for their contributions.