-
Mon Apr 14 2025 Jarek Prokop <jprokop@redhat.com> - 3.3.8-10
- Upgrade to Ruby 3.3.8.
Resolves: RHEL-87342
- Fix Net::IMAP vulnerable to possible DoS by memory exhaustion. (CVE-2025-25186)
- Fix Denial of Service in CGI::Cookie.parse. (CVE-2025-27219)
Resolves: RHEL-86116
- Fix userinfo leakage in URI#join, URI#merge and URI#+. (CVE-2025-27221)
-
Thu Jan 30 2025 Jun Aruga <jaruga@redhat.com> - 3.3.7-9
- Upgrade to Ruby 3.3.7
Resolves: RHEL-77994
- Fix Ruby OpenSSL to respect crypto-policies TLS minimal version.
Resolves: RHEL-21019
-
Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com>
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
-
Wed Sep 04 2024 Jarek Prokop <jprokop@redhat.com> - 3.3.5-7
- Upgrade to Ruby 3.3.5
Resolves: RHEL-59035
- Fix DoS vulnerability in rexml.
(CVE-2024-39908)
(CVE-2024-41946)
(CVE-2024-43398)
Resolves: RHEL-57047
Resolves: RHEL-57059
Resolves: RHEL-57070
- Fix REXML DoS when parsing an XML having many specific characters such as
whitespace character, >] and ]>.
(CVE-2024-41123)
Resolves: RHEL-52802
-
Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com>
- Bump release for June 2024 mass rebuild
-
Thu May 09 2024 Jun Aruga <jaruga@redhat.com> - 3.3.1-5
- Upgrade to Ruby 3.3.1.
Resolves: RHEL-33975
- Fix buffer overread vulnerability in StringIO.
Resolves: RHEL-34124
- Fix RCE vulnerability with .rdoc_options in RDoc.
Resolves: RHEL-34116
- Fix arbitrary memory address read vulnerability with Regex search.
Resolves: RHEL-33866
-
Fri Jan 26 2024 Jarek Prokop <jprokop@redhat.com> - 3.3.0-4
- Do not set AI_ADDRCONFIG by default when calling getaddrinfo(3).
-
Mon Jan 22 2024 Fedora Release Engineering <releng@fedoraproject.org>
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
-
Mon Jan 15 2024 Jarek Prokop <jprokop@redhat.com> - 3.3.0-2
- Fix compiling coroutines with aarch64's branch protection.
-
Tue Jan 02 2024 Vít Ondruch <vondruch@redhat.com> - 3.3.0-1
- Upgrade to Ruby 3.3.0.
Resolves: rhbz#2255918