-
Fri Apr 11 2025 Jarek Prokop <jprokop@redhat.com> - 3.3.8-4
- Upgrade to Ruby 3.3.8.
Resolves: RHEL-86933
- Fix Net::IMAP vulnerable to possible DoS by memory exhaustion. (CVE-2025-25186)
- Fix Denial of Service in CGI::Cookie.parse. (CVE-2025-27219)
Resolves: RHEL-87182
- Fix userinfo leakage in URI#join, URI#merge and URI#+. (CVE-2025-27221)
-
Wed Sep 04 2024 Jarek Prokop <jprokop@redhat.com> - 3.3.5-3
- Upgrade to Ruby 3.3.5.
Resolves: RHEL-57577
- Fix DoS vulnerability in rexml.
(CVE-2024-39908)
(CVE-2024-41946)
(CVE-2024-43398)
Resolves: RHEL-57574
Resolves: RHEL-57571
Resolves: RHEL-57579
- Fix REXML DoS when parsing an XML having many specific characters such as
whitespace character, >] and ]>.
(CVE-2024-41123)
Resolves: RHEL-57568
- Fix incorrect symlink for rubygem-irb's library.
Resolves: RHEL-57598
-
Mon May 20 2024 Jarek Prokop <jprokop@redhat.com> - 3.3.1-2
- Upgrade to Ruby 3.3.1.
Resolves: RHEL-33976
- Fix buffer overread vulnerability in StringIO.
(CVE-2024-27280)
Resolves: RHEL-34130
- Fix RCE vulnerability with .rdoc_options in RDoc.
(CVE-2024-27281)
Resolves: RHEL-34122
- Fix Arbitrary memory address read vulnerability with Regex search.
(CVE-2024-27282)
Resolves: RHEL-33872
-
Wed Jan 17 2024 Jarek Prokop <jprokop@redhat.com> - 3.3.0-1
- Upgrade to Ruby 3.3.0.
Resolves: RHEL-17089
-
Sun Dec 03 2023 Jun Aruga <jaruga@redhat.com> - 3.1.2-142
- Bypass git submodule test failure on Git >= 2.38.1.
- Fix tests with Europe/Amsterdam pre-1970 time on tzdata version 2022b.
- Fix for tzdata-2022g.
- Fix OpenSSL.fips_mode and OpenSSL::PKey.read in OpenSSL 3 FIPS.
Resolves: RHEL-5590
- ssl: use ffdhe2048 from RFC 7919 as the default DH group parameters
Related: RHEL-5590
- Disable fiddle tests that use FFI closures.
Related: RHEL-5590