Translate CVE-2024-49761 & Ruby 3.2.6 Released (zh_cn) #3413

Open
wants to merge 1 commit into
base: master
31 changes: 31 additions & 0 deletions zh_cn/news/_posts/2024-10-28-redos-rexml-cve-2024-49761.md
@@ -0,0 +1,31 @@
---
layout: news_post
title: "CVE-2024-49761: REXML 中的 ReDoS 漏洞"
author: "kou"
translator: "GAO Jun"
date: 2024-10-28 03:00:00 +0000
tags: security
lang: zh_cn
---

在 REXML gem 中存在 ReDoS 漏洞。此漏洞的 CVE 编号为 [CVE-2024-49761](https://www.cve.org/CVERecord?id=CVE-2024-49761)。我们强烈建议您更新 REXML gem.

此漏洞不影响 Ruby 3.2 及后续版本。Ruby 3.1 是唯一受影响的维护版本。请注意 Ruby 3.1 将在 2025-03 结束生命周期。

## 详情

触发场景:当解析 XML 时,如果在十六进制表达式 (`&#x...;`) 的 `&#` 和 `x` 中间存在大量数字时。

请更新 REXML gem 至 3.3.9 或更高版本。

## 受影响版本

* Ruby 3.1 且 REXML gem 是 3.3.8 或更低版本

## 致谢

感谢 [manun](https://hackerone.com/manun) 发现此问题。

## 历史

* 最初发布于 2024-10-28 03:00:00 (UTC)
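
Review bot: the first body paragraph ends with an ASCII period ("更新 REXML gem.") while every other sentence in this post ends with the full-width "。"; change it to "更新 REXML gem。". In the 详情 section, "十六进制表达式" is looser than what `&#x...;` actually is, a hexadecimal numeric character reference, so "十六进制数字字符引用" would be more precise. The same sentence uses "当…时" and then ends with a second "时" after "如果…", and the trailing one can be dropped.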
42 changes: 42 additions & 0 deletions zh_cn/news/_posts/2024-10-30-ruby-3-2-6-released.md
@@ -0,0 +1,42 @@
---
layout: news_post
title: "Ruby 3.2.6 已发布"
author: nagachika
translator: "GAO Jun"
date: 2024-10-30 10:00:00 +0000
lang: zh_cn
---

Ruby 3.2.6 已发布。

您可以通过 [GitHub 发布页](https://github.com/ruby/ruby/releases/tag/v3_2_6) 了解详情。

## 下载

{% assign release = site.data.releases | where: "version", "3.2.6" | first %}

* <{{ release.url.gz }}>

文件大小: {{ release.size.gz }}
SHA1: {{ release.sha1.gz }}
SHA256: {{ release.sha256.gz }}
SHA512: {{ release.sha512.gz }}

* <{{ release.url.xz }}>

文件大小: {{ release.size.xz }}
SHA1: {{ release.sha1.xz }}
SHA256: {{ release.sha256.xz }}
SHA512: {{ release.sha512.xz }}

* <{{ release.url.zip }}>

文件大小: {{ release.size.zip }}
SHA1: {{ release.sha1.zip }}
SHA256: {{ release.sha256.zip }}
SHA512: {{ release.sha512.zip }}

## 发布说明

许多提交者、开发人员以及用户提供了问题报告,帮助我们完成了此版本。
感谢他们的贡献。
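
Review bot: in the front matter, `author: nagachika` is unquoted while `translator: "GAO Jun"` in the same block and `author: "kou"` in the other post of this PR are quoted; quote it for consistency. Under 下载, the 文件大小 and SHA lines appear flush left in this view, so please confirm they are indented in the file and stay attached to their list items when rendered.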