ruby-security-ann

Security announcements for Ruby, Rails, Rubygems, Bundler, and other Ruby ecosystem projects.

Showing 1-20 of 105 topics
CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir André Arko 3/28/18
Ruby 2.4.4 Released André Arko 3/28/18
Ruby 2.3.7 Released André Arko 3/28/18
Ruby 2.5.1 Released André Arko 3/28/18
CVE-2017-17742: HTTP response splitting in WEBrick André Arko 3/28/18
Ruby 2.2.10 Released André Arko 3/28/18
CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket André Arko 3/28/18
CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir André Arko 3/28/18
CVE-2018-8777: DoS by large request in WEBrick André Arko 3/28/18
CVE-2018-8778: Buffer under-read in String#unpack André Arko 3/28/18
[CVE-2018-3741] XSS vulnerability in rails-html-sanitizer Rafael Mendonça França 3/22/18
[CVE-2018-3740] Sanitize <= 4.6.2 HTML injection and XSS Ryan Grove 3/20/18
[CVE-2018-8048] Loofah XSS Vulnerability Mike Dalessio 3/19/18
[ANN] nokogiri security update 1.8.2 released Mike Dalessio 1/29/18
Ruby 2.4.3 Released André Arko 12/14/17
Ruby 2.2.9 Released André Arko 12/14/17
Ruby 2.3.6 Released André Arko 12/14/17
CVE-2017-17405: Command injection vulnerability in Net::FTP André Arko 12/14/17
[CVE-2017-0903] Unsafe Object Deserialization Vulnerability in RubyGems Aaron Patterson 10/9/17
[ANN] nokogiri security update 1.8.1 Released Mike Dalessio 9/19/17