Skip to content
  • Yamagishi Kazutoshi's avatar
    Update Ruby to version 2.4.4 (#6964) · f464f98f
    Yamagishi Kazutoshi authored
    https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/
    
    > This release includes some bug fixes and some security fixes.
    >
    > - CVE-2017-17742: HTTP response splitting in WEBrick
    > - CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
    > - CVE-2018-8777: DoS by large request in WEBrick
    > - CVE-2018-8778: Buffer under-read in String#unpack
    > - CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket
    > - CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir
    > - Multiple vulnerabilities in RubyGems
    f464f98f