Fwd: [ANN] Ruby 2.6.4, 2.5.6 and 2.4.7 Released

[botp]

safe upgrade:

1 install new version(s)

2 run tests on new version(s)

3 give grace period running new version(s) for one week (to check for untested bugs, and/or bugs of the fixes : )

4 uninstall old version(s)

note: the rdoc bug is terrible. after upgrading your ruby and rdoc. you may have to wipeout your old docs and build anew.

---------- Forwarded message ---------
From: U.Nakamura <u...@garbagecollect.jp>
Date: Wed, Aug 28, 2019 at 6:15 PM
Subject: [ANN] Ruby 2.6.4, 2.5.6 and 2.4.7 Released
To: <ruby...@ruby-lang.org>

Hi, all

We've just released Ruby 2.6.4, 2.5.6 and 2.4.7.
How to download and details:

* [Ruby 2.6.4 Released](https://www.ruby-lang.org/en/news/2019/08/28/ruby-2-6-4-released/)
* [Ruby 2.5.6 Released](https://www.ruby-lang.org/en/news/2019/08/28/ruby-2-5-6-released/)
* [Ruby 2.4.7 Released](https://www.ruby-lang.org/en/news/2019/08/28/ruby-2-4-7-released/)


These releases include a security fix.
You can check detail:

* [Multiple jQuery vulnerabilities in RDoc](https://www.ruby-lang.org/en/news/2019/08/28/multiple-jquery-vulnerabilities-in-rdoc/)
への対応

We strongly recommend to upgrade your ruby installations as soon as
possible.


Regards,
--
U.Nakamaura <u...@garbagecollect.jp>


Unsubscribe: <mailto:ruby-tal...@ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-talk>

[Rystraum Gamonez]

Hi all,

If I understand the vulnerability correctly, if for any reason you can't upgrade ruby versions, you can:

$ gem install rdoc -f # this should get you an rdoc version >= 6.1.2 so the vulnerability is mitigated
$ gem uninstall rdoc -v 'previous.version.installed' # `gem list` should give you other versions
$ gem rdoc --all --overwrite # to regenerate any documentation generated by rdoc

Please correct me if I'm mistaken.

--
You received this message because you are subscribed to the Google Groups "Philippine Ruby Users Group (PRUG/PhRUG)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ruby-phil+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ruby-phil/CAAwHHQhxxOz7UUEH3cVwPRepGK3aP4MSONAyJu7Ukt0H5jn7_Q%40mail.gmail.com.