Security

SECURITY.md

Security Policy

Reporting a Vulnerability

If you have any security concern, contact matz@ruby.or.jp.

Scope

We consider following issues as vulnerabilities:

Remote code execution
Crash caused by a valid Ruby script

We don't consider following issues as vulnerabilities:

Runtime C undefined behavior (including integer overflow)
Crash caused by misused API
Crash caused by tweaked compiled binary

There aren’t any published security advisories