2022 Archives

We have released the cgi gem version 0.3.5, 0.2.2, and 0.1.0.2 that has a security fix for a HTTP response splitting vulnerability. This vulnerability has been assigned the CVE identifier CVE-2021-33621.

Posted by mame on 22 Nov 2022

Ruby 3.2.0 Preview 3 Released

Posted by naruse on 11 Nov 2022

Ruby 3.2.0 Preview 2 Released

Posted by naruse on 9 Sep 2022

Ruby 3.1.2 Released

Ruby 3.1.2 has been released.

Posted by naruse and mame on 12 Apr 2022

Ruby 3.0.4 Released

Ruby 3.0.4 has been released.

Posted by nagachika and mame on 12 Apr 2022

Ruby 2.7.6 Released

Ruby 2.7.6 has been released.

Posted by usa and mame on 12 Apr 2022

Ruby 2.6.10 Released

Ruby 2.6.10 has been released.

Posted by usa and mame on 12 Apr 2022

CVE-2022-28738: Double free in Regexp compilation

A double-free vulnerability is discovered in Regexp compilation. This vulnerability has been assigned the CVE identifier CVE-2022-28738. We strongly recommend upgrading Ruby.

Posted by mame on 12 Apr 2022

CVE-2022-28739: Buffer overrun in String-to-Float conversion

A buffer-overrun vulnerability is discovered in a conversion algorithm from a String to a Float. This vulnerability has been assigned the CVE identifier CVE-2022-28739. We strongly recommend upgrading Ruby.

Posted by mame on 12 Apr 2022