ruby-security-ann

Security announcements for Ruby, Rails, Rubygems, Bundler, and other Ruby ecosystem projects.

[CVE-2015-7581] Object leak vulnerability for wildcard controller routes in Action Pack Aaron Patterson 1/25/16
[CVE-2015-7578] Possible XSS vulnerability in rails-html-sanitizer Aaron Patterson 1/25/16
[CVE-2016-0753] Possible Input Validation Circumvention in Active Model Aaron Patterson 1/25/16
[CVE-2016-0752] Possible Information Leak Vulnerability in Action View Aaron Patterson 1/25/16
[CVE-2015-7579] XSS vulnerability in rails-html-sanitizer Aaron Patterson 1/25/16
[CVE-2015-7577] Nested attributes rejection proc bypass in Active Record. Aaron Patterson 1/25/16
[CVE-2016-0751] Possible Object Leak and Denial of Service attack in Action Pack Aaron Patterson 1/25/16
[CVE-2015-7576] Timing attack vulnerability in basic authentication in Action Controller. Aaron Patterson 1/25/16
[ANN] nokogiri security update - 1.6.7.2 Mike Dalessio 1/20/16
Ruby 2.2.4 Released André Arko 12/18/15
CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL André Arko 12/18/15
Ruby 2.1.8 Released André Arko 12/18/15
Ruby 2.0.0-p648 Released André Arko 12/18/15
[ANN] nokogiri security update - 1.6.7.1 Mike Dalessio 12/16/15
Nokogiri security updates - 1.6.6.3 and 1.6.6.4 Mike Dalessio 11/20/15
CVE : gollum wiki gem information disclosure vulnerability Dawa Ometto 9/20/15
Ruby 2.1.7 Released André Arko 8/19/15
Ruby 2.0.0-p647 Released André Arko 8/19/15
Ruby 2.2.3 Released André Arko 8/19/15
rubygems <2.4.8 vulnerable to DNS request hijacking (CVE-2015-3900 and CVE-2015-4020) Reed Loden 6/26/15