This repository was archived by the owner on Jan 15, 2023. It is now read-only.

Current ruby release (v2.7.2p137) out of date (now v2.7.6p?) #362

@jufemaiz

RUBY_VERSION: 2.7.5
RUBY_PATCHLEVEL: 203
RUBY_PLATFORM: x86_64-linux
RUBY_RELEASE_DATE: 2021-11-24

Note: the source is a lambci S3 bucket which is opaque to me as to how that is managed.

https://github.com/lambci/docker-lambda/blob/master/ruby2.7/run/Dockerfile#L3

Relevant information:

v2.7.3

This release includes security fixes. Please check the topics below for details.

CVE-2021-28965: XML round-trip vulnerability in REXML
CVE-2021-28966: Path traversal in Tempfile on Windows

v2.7.4

This release includes security fixes. Please check the topics below for details.

CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP
CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP
CVE-2021-31799: A command injection vulnerability in RDoc

v2.7.5

This release includes security fixes. Please check the topics below for details.

CVE-2021-41817: Regular Expression Denial of Service Vulnerability of Date Parsing Methods
CVE-2021-41816: Buffer Overrun in CGI.escape_html
CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse
