ruby-security-ann
Security announcements for Ruby, Rails, Rubygems, Bundler, and other Ruby ecosystem projects.
Conversations 1–30 of 210
Mike Dalessio
Jun 9
[CVE-2022-32209] Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. This
Mike Dalessio
Jun 9
[ANN] mechanize security update v2.8.5
Mechanize v2.8.5 has been released with a security update. The release notes are reproduced below for
Aaron Patterson
May 27
[CVE-2022-30123] Possible shell escape sequence injection vulnerability in Rack
There is a possible shell escape sequence injection vulnerability in the Lint and CommonLogger
Aaron Patterson
May 27
[CVE-2022-30122] Denial of Service Vulnerability in Rack Multipart Parsing
There is a possible denial of service vulnerability in the multipart parsing component of Rack. This
Mike Dalessio
May 8
[ANN] Nokogiri security update v1.13.6
Nokogiri v1.13.6 has been released with a security update for CRuby users. The release notes are
Mike Dalessio
May 4
[ANN] Nokogiri security update v1.13.5
Nokogiri v1.13.5 has been released with a security update for CRuby users. The changelog entry is
Aaron Patterson
Apr 26
[CVE-2022-27777] Possible XSS Vulnerability in Action View tag helpers
There is a possible XSS vulnerability in Action View tag helpers. Passing untrusted input as hash
Aaron Patterson
Apr 26
[CVE-2022-22577] Possible XSS Vulnerability in Action Pack
There is a possible XSS vulnerability in Rails / Action Pack. This vulnerability has been assigned
an...@arko.net
Apr 12
Ruby 2.6.10 Released
Ruby 2.6.10 has been released. This release includes a security fix. Please check the topics below
an...@arko.net
Apr 12
CVE-2022-28739: Buffer overrun in String-to-Float conversion
A buffer-overrun vulnerability is discovered in a conversion algorithm from a String to a Float. This
an...@arko.net
Apr 12
CVE-2022-28738: Double free in Regexp compilation
A double-free vulnerability is discovered in Regexp compilation. This vulnerability has been assigned
an...@arko.net
Apr 12
Ruby 3.0.4 Released
Ruby 3.0.4 has been released. This release includes security fixes. Please check the topics below for
an...@arko.net
Apr 12
Ruby 2.7.6 Released
Ruby 2.7.6 has been released. This release includes a security fix. Please check the topics below for
an...@arko.net
Apr 12
Ruby 3.1.2 Released
Ruby 3.1.2 has been released. This release includes security fixes. Please check the topics below for
Mike Dalessio
Apr 11
[ANN] Nokogiri security update v1.13.4
Nokogiri v1.13.4 has been released, with multiple security updates for both CRuby and JRuby users.
Aaron Patterson
Mar 8
[CVE-2022-21831] Possible code injection vulnerability in Rails / Active Storage
There is a possible code injection vulnerability in the Active Storage module of Rails. This
Mike Dalessio
3 messages
Feb 22
[ANN] Nokogiri security update v1.13.2
Final update: Nokogiri v1.13.3 has been released which patches libxml2 to address the HTML4 parsing
Aaron Patterson
Feb 11
[CVE-2022-23633] Possible exposure of information vulnerability in Action Pack
## Impact Under certain circumstances response bodies will not be closed, for example a bug in a
Aaron Patterson
12/14/21
[CVE-2021-44528] Possible Open Redirect in Host Authorization Middleware
There is a possible open redirect vulnerability in the Host Authorization middleware in Action Pack.
an...@arko.net
11/24/21
Ruby 3.0.3 Released
Ruby 3.0.3 has been released. This release includes security fixes. Please check the topics below for
an...@arko.net
11/24/21
CVE-2021-41816: Buffer Overrun in CGI.escape_html
A buffer overrun vulnerability was discovered in CGI.escape_html. This vulnerability has been
an...@arko.net
11/24/21
Ruby 2.7.5 Released
Ruby 2.7.5 has been released. This release includes security fixes. Please check the topics below for
an...@arko.net
11/24/21
CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse
A cookie prefix spoofing vulnerability was discovered in CGI::Cookie.parse. This vulnerability has
an...@arko.net
11/24/21
Ruby 2.6.9 Released
Ruby 2.6.9 has been released. This release includes security fixes. Please check the topics below for
Mike Dalessio
9/27/21
Nokogiri security update v1.12.5
Nokogiri v1.12.5 was released on 2021-09-27 which contains a fix for CVE-2021-41098, fully described
Aaron Patterson
8/19/21
[CVE-2021-22942] Possible Open Redirect in Host Authorization Middleware
# Possible Open Redirect in Host Authorization Middleware There is a possible open redirect
an...@arko.net
7/7/21
Ruby 2.6.8 Released
Ruby 2.6.8 has been released. This release includes security fixes. Please check the topics below for
an...@arko.net
7/7/21
Ruby 2.7.4 Released
Ruby 2.7.4 has been released. This release includes security fixes. Please check the topics below for
an...@arko.net
7/7/21
CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP
A StartTLS stripping vulnerability was discovered in Net::FTP. This vulnerability has been assigned
an...@arko.net
7/7/21
Ruby 3.0.2 Released
Ruby 3.0.2 has been released. This release includes security fixes. Please check the topics below for