This repository has been archived by the owner on Jan 15, 2023. It is now read-only.
jufemaiz changed the title from "Current ruby release (v2.7.2p137) out of date (now v2.7.5p203)" to "Current ruby release (v2.7.2p137) out of date (now v2.7.6p?)" on Sep 6, 2022
Note: the source is a lambci S3 bucket which is opaque to me as to how that is managed.
https://github.com/lambci/docker-lambda/blob/master/ruby2.7/run/Dockerfile#L3
Relevant information:
v2.7.3
This release includes security fixes. Please check the topics below for details.
CVE-2021-28965: XML round-trip vulnerability in REXML
CVE-2021-28966: Path traversal in Tempfile on Windows
v2.7.4
This release includes security fixes. Please check the topics below for details.
CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP
CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP
CVE-2021-31799: A command injection vulnerability in RDoc
v2.7.5
This release includes security fixes. Please check the topics below for details.
CVE-2021-41817: Regular Expression Denial of Service Vulnerability of Date Parsing Methods
CVE-2021-41816: Buffer Overrun in CGI.escape_html
CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse