Ruby Releases Tackle Security Issues
-
Ruby 3.0.2 Released
This release includes security fixes. Please check the topics below for details.
-
Ruby 2.7.4 Released
-
Ruby 2.6.8 Released
-
CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP
A trusting FTP PASV responses vulnerability was discovered in Net::FTP. This vulnerability has been assigned the CVE identifier CVE-2021-31810. We strongly recommend upgrading Ruby.
net-ftp is a default gem in Ruby 3.0.1 but it has a packaging issue, so please upgrade Ruby itself.
-
CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP
A StartTLS stripping vulnerability was discovered in Net::FTP. This vulnerability has been assigned the CVE identifier CVE-2021-32066. We strongly recommend upgrading Ruby.
net-imap is a default gem in Ruby 3.0.1 but it has a packaging issue, so please upgrade Ruby itself.
-
