Posted by usa on 5 Apr 2021
Ruby 2.5.9 has been released.
This release includes security fixes. Please check the topics below for details.
- CVE-2020-25613: Potential HTTP Request Smuggling Vulnerability in WEBrick
- CVE-2021-28965: XML round-trip vulnerability in REXML
See the commit logs for details.
After this release, Ruby 2.5 reaches EOL. In other words, this is the last release of Ruby 2.5 series. We will not release Ruby 2.5.10 even if a security vulnerability is found. We recommend all Ruby 2.5 users to upgrade to Ruby 3.0, 2.7 or 2.6 immediately.
Download
-
https://cache.ruby-lang.org/pub/ruby/2.5/ruby-2.5.9.tar.bz2
SIZE: 13805484 SHA1: 6ac21486996aa38a71f858d28d01ada5593d0b45 SHA256: bebbe3fe7899acd3ca2f213de38158709555e88a13f85ba5dc95239654bcfeeb SHA512: 12f58e14cfa6337065b0e82941e39b167813920eb54cbdb4ac4a680dd0cb75d2684d341059e7b4d0da1292bfc4e53041443bd14891a66f50991858b440a835c8
-
https://cache.ruby-lang.org/pub/ruby/2.5/ruby-2.5.9.tar.gz
SIZE: 15687501 SHA1: 5408671f2ba4f3124ab99ea6edb6d62887d7e5a0 SHA256: f5894e05f532b748c3347894a5efa42066fd11cc8d261d4d9788ff71da00be68 SHA512: 5c9a6703b4c8d6e365856d7815e202f24659078d4c8e7a5059443453032b73b28e7ab2b8a6fa995c92c8e7f4838ffa6f9eec31593854e2fc3fc35532cb2db788
-
https://cache.ruby-lang.org/pub/ruby/2.5/ruby-2.5.9.tar.xz
SIZE: 11314448 SHA1: 7be8dc2e6e534eb36bfdf9f017af512996ec99a6 SHA256: a87f2fa901408cc77652c1a55ff976695bbe54830ff240e370039eca14b358f0 SHA512: 239f73eb4049ae2654b648ab927b1f74643d38a5f29572e4bd4e6aa3c53c1df29e0a995fd90d4ab9d4b2ff073fd809b12df820ccb1ddf395684bba6be1855b7a
-
https://cache.ruby-lang.org/pub/ruby/2.5/ruby-2.5.9.zip
SIZE: 19064704 SHA1: 5f39cfb7a73c7321b65706617275c3c7452281a9 SHA256: 14db683c6ba6a863ef126718269758de537571b675231ec43f03b987739e3ce1 SHA512: c4a34678d280a99fde28cc33ba12d164be8a484f43b09495f9c22c48d2b963424c38470020c057cf346f8cc050ab4289a90a8d516b2a79245dea4e6de79cb75f
Release Comment
Thanks to everyone who helped with this release, especially, to reporters of the vulnerability.