Security announcements for Ruby, Rails, Rubygems, Bundler, and other Ruby ecosystem projects.

Ruby 2.4.3 Released André Arko 12/14/17
Ruby 2.2.9 Released André Arko 12/14/17
Ruby 2.3.6 Released André Arko 12/14/17
CVE-2017-17405: Command injection vulnerability in Net::FTP André Arko 12/14/17
[CVE-2017-0903] Unsafe Object Deserialization Vulnerability in RubyGems Aaron Patterson 10/9/17
[ANN] nokogiri security update 1.8.1 Released Mike Dalessio 9/19/17
CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode André Arko 9/15/17
CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick André Arko 9/15/17
CVE-2017-14064: Heap exposure vulnerability in generating JSON André Arko 9/15/17
CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf André Arko 9/15/17
Multiple vulnerabilities in RubyGems Thibaut Barrère 8/31/17
[ANN] nokogiri security update 1.7.2 released Mike Dalessio 5/9/17
[ANN] nokogiri security update 1.7.1 released Mike Dalessio 3/19/17
[CVE-2016-6316] Possible XSS Vulnerability in Action View Aaron Patterson 8/11/16
[CVE-2016-6317] Unsafe Query Generation Risk in Active Record Aaron Patterson 8/11/16
[CVE-2016-5697] signature wrapping attack vulnerability in ruby-saml prior to version 1.3.0 Alvaro Hoyos 6/24/16
[ANN] nokogiri security update - 1.6.8 Mike Dalessio 6/6/16
[CVE-2016-2097] Possible Information Leak Vulnerability in Action View. Rafael Mendonça França 2/29/16
[CVE-2016-2098] Possible remote code execution vulnerability in Action Pack Rafael Mendonça França 2/29/16
[CVE-2015-7581] Object leak vulnerability for wildcard controller routes in Action Pack Aaron Patterson 1/25/16