[ANN] Ruby 2.5.1, 2.4.4, 2.3.7 and 2.2.10 Released!


(U.NAKAMURA) #1

Hi, all

We've just released Ruby 2.5.1, 2.4.4, 2.3.7 and 2.2.10.
How to download and details:

* [Ruby 2.5.1 Released](https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/)
* [Ruby 2.4.4 Released](https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/)
* [Ruby 2.3.7 Released](https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/)
* [Ruby 2.2.10 Released](https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/)

These releases include several security fixes.
You can check details:

* [CVE-2017-17742: HTTP response splitting in WEBrick](https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/)
* [CVE-2018-8777: DoS by large request in WEBrick](https://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/)
* [CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir](https://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/)
* [CVE-2018-8778: Buffer under-read in String#unpack](https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/)
* [CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket](https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/)
* [CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir](https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/)
* [Multiple vulnerabilities in RubyGems](https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/)

We strongly recommend to upgrade your ruby installations as soon as
possible.

Regards,

ยทยทยท

--
U.Nakamaura <usa@garbagecollect.jp>