Updated: 2023-03-30 11:00:00
: Ruby A Programmer's Best Friend Home Downloads Documentation Libraries Community News Security About Ruby Menu CVE-2023-28756 : ReDoS vulnerability in Time Posted by hsbt on 30 Mar 2023 We have released the time gem version 0.1.1 and 0.2.2 that has a security fix for a ReDoS vulnerability . This vulnerability has been assigned the CVE identifier CVE-2023-28756 Details The Time parser mishandles invalid strings that have specific characters . It causes an increase in execution time for parsing strings to Time . objects A ReDoS issue was discovered in the Time gem 0.1.0 and 0.2.1 and Time library of Ruby 2.7.7. Recommended action We recommend to update the time gem to version 0.2.2 or later . In order to ensure compatibility with bundled version in older Ruby series , you may update as
Updated: 2023-03-30 00:00:00
Ruby A Programmer's Best Friend Home Downloads Documentation Libraries Community News Security About Ruby Menu Ruby 3.2.2 Released Posted by naruse on 30 Mar 2023 Ruby 3.2.2 has been . released This release includes security fixes . Please check the topics below for . details CVE-2023-28755 : ReDoS vulnerability in URI CVE-2023-28756 : ReDoS vulnerability in Time See the GitHub releases for further . details Download https : cache.ruby-lang.org pub ruby 3.2 ruby-3.2.2.tar.gz SIZE : 20467023 SHA1 : 670fce00d83771a1349b116e56a8a3b0ad323769 SHA256 : 96c57558871a6748de5bc9f274e93f4b5aad06cd8f37befa0e8d94e7b8a423bc SHA512 : bcc68f3f24c1c8987d9c80b57332e5791f25b935ba38daf5addf60dbfe3a05f9dcaf21909681b88e862c67c6ed103150f73259c6e35c564f13a00f432e3c1e46 https : cache.ruby-lang.org pub ruby 3.2
Updated: 2023-03-30 00:00:00
Ruby A Programmer's Best Friend Home Downloads Documentation Libraries Community News Security About Ruby Menu Ruby 3.1.4 Released Posted by nagachika on 30 Mar 2023 Ruby 3.1.4 has been . released This release includes security fixes . Please check the topics below for . details CVE-2023-28755 : ReDoS vulnerability in URI CVE-2023-28756 : ReDoS vulnerability in Time See the GitHub releases for further . details Download https : cache.ruby-lang.org pub ruby 3.1 ruby-3.1.4.tar.gz SIZE : 20917933 SHA1 : 38eddfc5a7536b6c8133183563009a4ed9bbe6db SHA256 : a3d55879a0dfab1d7141fdf10d22a07dbf8e5cdc4415da1bde06127d5cc3c7b6 SHA512 : 41cf1561dd7eb249bb2c2f5ea958884880648cc1d11da9315f14158a2d0ff94b2c5c7d75291a67e57e1813d2ec7b618e5372a9f18ee93be6ed306f47b0d3199a https : cache.ruby-lang.org pub ruby 3.1
Updated: 2023-03-30 00:00:00
Ruby A Programmer's Best Friend Home Downloads Documentation Libraries Community News Security About Ruby Menu Ruby 3.0.6 Released Posted by usa on 30 Mar 2023 Ruby 3.0.6 has been . released This release includes security fixes . Please check the topics below for . details CVE-2023-28755 : ReDoS vulnerability in URI CVE-2023-28756 : ReDoS vulnerability in Time This release also includes some bug fixes . See the GitHub releases for further . details After this release , we end the normal maintenance phase of Ruby 3.0, and Ruby 3.0 enters the security maintenance phase . This means that we will no longer backport any bug fixes to Ruby 3.0 except security . fixes The term of the security maintenance phase is scheduled for a year . Ruby 3.0 reaches EOL and its official support ends by the end
Updated: 2023-03-30 00:00:00
Ruby A Programmer's Best Friend Home Downloads Documentation Libraries Community News Security About Ruby Menu Ruby 2.7.8 Released Posted by usa on 30 Mar 2023 Ruby 2.7.8 has been . released This release includes security fixes . Please check the topics below for . details CVE-2023-28755 : ReDoS vulnerability in URI CVE-2023-28756 : ReDoS vulnerability in Time This release also includes some build problem fixes . See the GitHub releases for further . details After this release , Ruby 2.7 reaches EOL . In other words , this is expected to be the last release of Ruby 2.7 series . We will not release Ruby 2.7.9 even if a security vulnerability is found but could release if a severe regression is found We recommend all Ruby 2.7 users to start migration to Ruby 3.2, 3.1, or 3.0 . immediately
Updated: 2023-03-28 01:00:00
: Ruby A Programmer's Best Friend Home Downloads Documentation Libraries Community News Security About Ruby Menu CVE-2023-28755 : ReDoS vulnerability in URI Posted by hsbt on 28 Mar 2023 We have released the uri gem version 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1 that has a security fix for a ReDoS vulnerability . This vulnerability has been assigned the CVE identifier CVE-2023-28755 Details A ReDoS issue was discovered in the URI component . The URI parser mishandles invalid URLs that have specific characters . It causes an increase in execution time for parsing strings to URI . objects The uri gem version 0.12.0, 0.11.0, 0.10.1, 0.10.0 and all versions prior 0.10.0 are vulnerable for this . vulnerability Recommended action We recommend to update the uri gem to 0.12.1. In order to ensure
