Ruby Mailing List Mirror

[ANN] Ruby 2.4.2, 2.3.5 and 2.2.8 released with several security fixes

U.NAKAMURA (U.NAKAMURA) 14 September 2017 13:58 1

Hi, all

We've just released Ruby 2.4.2, 2.3.5 and 2.2.8.
How to download and details:

* [Ruby 2.4.2 Released](https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-4-2-released/)
* [Ruby 2.3.5 Released](https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/)
* [Ruby 2.2.8 Released](https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/)

These releases include several security fixes.
You can check details:

* [CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf](https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/)
* [CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick](https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/)
* [CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 docode](https://www.ruby-lang.org/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033/)
* [CVE-2017-14064: Heap exposure vulnerability in generating JSON](https://www.ruby-lang.org/en/news/2017/09/14/json-heap-exposure-cve-2017-14064/)
* [Multiple vulnerabilities in RubyGems](https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/)

We strongly recommend to upgrade your ruby installations as soon as
possible.

Regards,

···

--
U.Nakamaura <usa@garbagecollect.jp>

Topic		Replies	Views	Activity
[ANN] Ruby 2.5.1, 2.4.4, 2.3.7 and 2.2.10 Released! ruby-talk	0	459	28 March 2018
[ANN] Ruby 2.6.5, 2.5.7 and 2.4.8 Released ruby-talk	0	462	1 October 2019
[ANN] Ruby 2.4.3, 2.3.6 and 2.2.9 Released with several security fixes ruby-talk	0	389	14 December 2017
[ANN] Ruby 2.5.2, 2.4.5 and 2.3.8 Released! ruby-talk	0	371	17 October 2018
[ANN] Ruby 2.7.1, 2.6.6, 2.5.8 and 2.4.10 Released ruby-talk	0	434	31 March 2020