ruby-security-ann

Security announcements for Ruby, Rails, Rubygems, Bundler, and other Ruby ecosystem projects.

[CVE-2016-5697] signature wrapping attack vulnerability in ruby-saml prior to version 1.3.0 Alvaro Hoyos 6/24/16
[ANN] nokogiri security update - 1.6.8 Mike Dalessio 6/6/16
[CVE-2016-2097] Possible Information Leak Vulnerability in Action View. Rafael Mendonça França 2/29/16
[CVE-2016-2098] Possible remote code execution vulnerability in Action Pack Rafael Mendonça França 2/29/16
[CVE-2015-7581] Object leak vulnerability for wildcard controller routes in Action Pack Aaron Patterson 1/25/16
[CVE-2015-7578] Possible XSS vulnerability in rails-html-sanitizer Aaron Patterson 1/25/16
[CVE-2016-0753] Possible Input Validation Circumvention in Active Model Aaron Patterson 1/25/16
[CVE-2016-0752] Possible Information Leak Vulnerability in Action View Aaron Patterson 1/25/16
[CVE-2015-7579] XSS vulnerability in rails-html-sanitizer Aaron Patterson 1/25/16
[CVE-2015-7577] Nested attributes rejection proc bypass in Active Record. Aaron Patterson 1/25/16
[CVE-2016-0751] Possible Object Leak and Denial of Service attack in Action Pack Aaron Patterson 1/25/16
[CVE-2015-7576] Timing attack vulnerability in basic authentication in Action Controller. Aaron Patterson 1/25/16
[ANN] nokogiri security update - 1.6.7.2 Mike Dalessio 1/20/16
Ruby 2.2.4 Released André Arko 12/18/15
CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL André Arko 12/18/15
Ruby 2.1.8 Released André Arko 12/18/15
Ruby 2.0.0-p648 Released André Arko 12/18/15
[ANN] nokogiri security update - 1.6.7.1 Mike Dalessio 12/16/15
Nokogiri security updates - 1.6.6.3 and 1.6.6.4 Mike Dalessio 11/20/15
CVE : gollum wiki gem information disclosure vulnerability Dawa Ometto 9/20/15