ruby-security-ann

Security announcements for Ruby, Rails, Rubygems, Bundler, and other Ruby ecosystem projects.

[CVE-2016-6316] Possible XSS Vulnerability in Action View Aaron Patterson 8/11/16
[CVE-2016-6317] Unsafe Query Generation Risk in Active Record Aaron Patterson 8/11/16
[CVE-2016-5697] signature wrapping attack vulnerability in ruby-saml prior to version 1.3.0 Alvaro Hoyos 6/24/16
[ANN] nokogiri security update - 1.6.8 Mike Dalessio 6/6/16
[CVE-2016-2097] Possible Information Leak Vulnerability in Action View. Rafael Mendonça França 2/29/16
[CVE-2016-2098] Possible remote code execution vulnerability in Action Pack Rafael Mendonça França 2/29/16
[CVE-2015-7581] Object leak vulnerability for wildcard controller routes in Action Pack Aaron Patterson 1/25/16
[CVE-2015-7578] Possible XSS vulnerability in rails-html-sanitizer Aaron Patterson 1/25/16
[CVE-2016-0753] Possible Input Validation Circumvention in Active Model Aaron Patterson 1/25/16
[CVE-2016-0752] Possible Information Leak Vulnerability in Action View Aaron Patterson 1/25/16
[CVE-2015-7579] XSS vulnerability in rails-html-sanitizer Aaron Patterson 1/25/16
[CVE-2015-7577] Nested attributes rejection proc bypass in Active Record. Aaron Patterson 1/25/16
[CVE-2016-0751] Possible Object Leak and Denial of Service attack in Action Pack Aaron Patterson 1/25/16
[CVE-2015-7576] Timing attack vulnerability in basic authentication in Action Controller. Aaron Patterson 1/25/16
[ANN] nokogiri security update - 1.6.7.2 Mike Dalessio 1/20/16
Ruby 2.2.4 Released André Arko 12/18/15
CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL André Arko 12/18/15
Ruby 2.1.8 Released André Arko 12/18/15
Ruby 2.0.0-p648 Released André Arko 12/18/15
[ANN] nokogiri security update - 1.6.7.1 Mike Dalessio 12/16/15