Posted by hsbt on 23 Apr 2024
Ruby 3.0.7 has been released.
This release includes security fixes. Please check the topics below for details.
- CVE-2024-27282: Arbitrary memory address read vulnerability with Regex search
- CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc
- CVE-2024-27280: Buffer overread vulnerability in StringIO
See the GitHub releases for further details.
After this release, Ruby 3.0 reaches EOL. In other words, this is expected to be the last release of Ruby 3.0 series. We will not release Ruby 3.0.8 even if a security vulnerability is found (but could release if a severe regression is found). We recommend all Ruby 3.0 users to start migration to Ruby 3.3, 3.2, or 3.1 immediately.
Download
-
https://cache.ruby-lang.org/pub/ruby/3.0/ruby-3.0.7.tar.gz
SIZE: 21268288 SHA1: ec95aee1364fc4d0ca0e8f83c525127016e05c86 SHA256: 2a3411977f2850431136b0fab8ad53af09fb74df2ee2f4fb7f11b378fe034388 SHA512: 66e5116ddd027ab1b27d466104a5b440889318b4f2f74b5fdf3099812bf5f7ef77be62fe1df37e0dc7cd5b2f5efe7fee5b9096910ce815ca4126577cb2abfaa7
-
https://cache.ruby-lang.org/pub/ruby/3.0/ruby-3.0.7.tar.xz
SIZE: 15848768 SHA1: efc97e609868a19f89653068c4915c162117b721 SHA256: 1748338373c4fad80129921080d904aca326e41bd9589b498aa5ee09fd575bab SHA512: 4760dc7d1345279b53cff30f3dd015b67f6a505e5028357f046dbf23b15a52d09f7d91fcfe5cb75d6c3222e7283aad12b97b36f5de0ff959f824bd42073f9c48
-
https://cache.ruby-lang.org/pub/ruby/3.0/ruby-3.0.7.zip
SIZE: 25652209 SHA1: b258a1bfcd49fb801b83a0aec90a8bb3989e9e42 SHA256: 163d752070a2ba1a015f004ae75e38ac9aa44bc4ebfafb55d5ff184cc72db5be SHA512: ed5e6d827ba981808bc4d914e400963b4443d522d52dd5d3f645db0cf38b50ab6c9baafac1b5e348e677500a16ceef1a5ac15c6a67003c2b2037cb86c1bd3654
Release Comment
Many committers, developers, and users who provided bug reports helped us make this release. Thanks for their contributions.