-
Mon Sep 19 2022 Jarek Prokop <jprokop@redhat.com> - 2.7.6-131
- Upgrade to Ruby 2.7.6.
Resolves: rhbz#2128631
- Fix buffer overflow in CGI.escape_html.
Resolves: CVE-2021-41816
- Fix Regular Expression Denial of Service Vulnerability of Date parsing methods.
Resolves: CVE-2021-41817
- Fix cookie prefix spoofing in CGI::Cookie.parse.
Resolves: CVE-2021-41819
- Fix buffer overrun in String-to-Float conversion.
Resolves: CVE-2022-28739
-
Thu Jul 15 2021 Jun Aruga <jaruga@redhat.com> - 2.7.4-130
- Upgrade to Ruby 2.7.4.
- Fix command injection vulnerability in RDoc.
Resolves: CVE-2021-31799
- Fix FTP PASV command response can cause Net::FTP to connect to arbitrary host.
Resolves: CVE-2021-31810
- Fix StartTLS stripping vulnerability in Net::IMAP.
Resolves: CVE-2021-32066
- Revert a commit changing CFLAGS to avoid failures in test_jit.rb.
- Upgrade to Bundler 2.2.24.
Resolves: CVE-2020-36327
- Fix some failing Bundler tests with old Git.
-
Tue Oct 13 2020 Vít Ondruch <vondruch@redhat.com> - 2.7.3-129
- Upgrade to Ruby 2.7.3.
Resolves: rhbz#1947931
- Resolv::DNS: timeouts if multiple IPv6 name servers are given and address
contains leading zero
Resolves: rhbz#1950016
-
Tue Apr 14 2020 Jun Aruga <jaruga@redhat.com> - 2.7.1-128
- Upgrade to Ruby 2.7.1.
Resolves: rhbz#1826872
- Call load builtin macro if it is defined, or call own load macro.
-
Thu Apr 02 2020 Jun Aruga <jaruga@redhat.com> 2.7.0-127
- Fix did_you_mean (LoadError) that happens when running `bundle install`.
Resolves: rhbz#1819245
-
Thu Mar 12 2020 Jun Aruga <jaruga@redhat.com> 2.7.0-126
- Provide StdLib links for Racc and install it by default.
-
Thu Jan 16 2020 Jun Aruga <jaruga@redhat.com> 2.7.0-125
- Upgrade to Ruby 2.7.0.
-
Mon Mar 25 2019 Vít Ondruch <vondruch@redhat.com> - 2.6.2-118
- Exclude {rdoc,irb}.rb dangling symlinks from ruby-libs.
-
Tue Mar 19 2019 Vít Ondruch <vondruch@redhat.com> - 2.6.2-117
- Link IRB back to StdLib.
-
Thu Mar 14 2019 Vít Ondruch <vondruch@redhat.com> - 2.6.2-116
- Upgrade to Ruby 2.6.2.