ruby-security-ann

Security announcements for Ruby, Rails, Rubygems, Bundler, and other Ruby ecosystem projects.

Showing 1-20 of 53 topics
rubygems <2.4.8 vulnerable to DNS request hijacking (CVE-2015-3900 and CVE-2015-4020) Reed Loden 6/26/15
[CVE-2015-1840] CSRF Vulnerability in jquery-ujs and jquery-rails Aaron Patterson 6/16/15
[CVE-2015-3227] Possible Denial of Service attack in Active Support Aaron Patterson 6/16/15
[CVE-2015-3224] IP whitelist bypass in Web Console Aaron Patterson 6/16/15
[CVE-2015-3226] XSS Vulnerability in ActiveSupport::JSON.encode Aaron Patterson 6/16/15
[CVE-2015-3225] Potential Denial of Service Vulnerability in Rack Aaron Patterson 6/16/15
Remote code execution vulnerability in Refile gem jnicklas 4/14/15
CVE-2015-1855: Ruby OpenSSL Hostname Verification André Arko 4/13/15
redcarpet <=3.2.2 (and related ruby gems) allow for possible XSS via autolinking of untrusted markdown Reed Loden 4/7/15
CVE-2015-1828: HTTPS MitM vulnerability in http.rb Tony Arcieri 4/7/15
[CVE-2014-8144] CSRF vulnerability in doorkeeper Tute Costa - thoughtbot 12/17/14
[AMENDED] [CVE-2014-7829] Arbitrary file existence disclosure in Action Pack Aaron Patterson 11/20/14
[CVE-2014-7829] Arbitrary file existence disclosure in Action Pack Aaron Patterson 11/17/14
CVE-2014-8090: Another Denial Of Service XML Expansion André Arko 11/14/14
Ruby 2.1.5 is Released André Arko 11/14/14
Ruby 2.0.0-p598 is Released André Arko 11/14/14
Ruby 1.9.3-p551 is Released André Arko 11/14/14
[AMENDED] [CVE-2014-7819] Arbitrary file existence disclosure in Sprockets Aaron Patterson 10/30/14
Ruby 2.1.4 is released André Arko 10/27/14
Ruby 2.0.0-p594 Released André Arko 10/27/14