Here you will find information about security issues of Ruby.
== Reporting Security Vulnerabilities
Security vulnerabilities should be reported via an email to (((<the PGP public key|URL:/security.asc>))), which is a private mailing list. Reported
problems will be published after they have been fixed.
== Known issues
Here are recent issues.
* ((<"Buffer over-run in ARGF.inplace_mode="|URL:>)) published on 2 Jul, 2010
* ((<"WEBrick has an Escape Sequence Injection vulnerability"|URL:>)) published on 10 Jan, 2010
* ((<"Heap overflow in String"|URL:>)) published on 7 Dec, 2009
* ((<"DoS vulnerability in REXML"|URL:/en/news/2008/08/23/dos-vulnerability-in-rexml/>)) published on 23 Aug, 2008
* ((<"Multiple vulnerabilities in Ruby"|URL:/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/>)) published on 8 Aug, 2008
* ((<"Arbitrary code execution vulnerabilities"|URL:/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/>)) published on 20 Jun, 2008
* ((<"File access vulnerability of WEBrick"|URL:/en/news/2008/03/03/webrick-file-access-vulnerability/>)) published on 3 Mar, 2008
* ((<"Net::HTTPS Vulnerability"|URL:/en/news/2007/10/04/net-https-vulnerability/>)) published on 4 Oct, 2007
* ((<"Another DoS Vulnerability in CGI Library"|URL:/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/>)) published on 4 Dec, 2006
* ((<"DoS Vulnerability in CGI Library"|URL:/en/news/2006/11/03/CVE-2006-5467/>)) published on 3 Nov, 2006
* ((<"Ruby vulnerability in the safe level settings"|URL:/en/news/2005/10/03/ruby-vulnerability-in-the-safe-level-settings/>)) published on 2 Oct, 2005