security.rd
Here you will find information about security issues in Ruby.
== Reporting Security Vulnerabilities
Security vulnerabilities should be reported by email to
[email protected] (((<the PGP public key|URL:/security.asc>))), which is a private mailing list. Reported
problems will be published after they are fixed.
== Known issues
Here are recent issues.
* ((<"Buffer over-run in ARGF.inplace_mode="|URL:http://www.ruby-lang.org/en/news/2010/07/02/ruby-1-9-1-p429-is-released/>)) published on 2 Jul, 2010
* ((<"WEBrick has an Escape Sequence Injection vulnerability"|URL:http://www.ruby-lang.org/en/news/2010/01/10/webrick-escape-sequence-injection//>)) published on 10 Jan, 2010
* ((<"Heap overflow in String"|URL:http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/>)) published on 7 Dec, 2009
* ((<"DoS vulnerability in REXML"|URL:/en/news/2008/08/23/dos-vulnerability-in-rexml/>)) published on 23 Aug, 2008
* ((<"Multiple vulnerabilities in Ruby"|URL:/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/>)) published on 8 Aug, 2008
* ((<"Arbitrary code execution vulnerabilities"|URL:/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/>)) published on 20 Jun, 2008
* ((<"File access vulnerability of WEBrick"|URL:/en/news/2008/03/03/webrick-file-access-vulnerability/>)) published on 3 Mar, 2008
* ((<"Net::HTTPS Vulnerability"|URL:/en/news/2007/10/04/net-https-vulnerability/>)) published on 4 Oct, 2007
* ((<"Another DoS Vulnerability in CGI Library"|URL:/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/>)) published on 4 Dec, 2006
* ((<"DoS Vulnerability in CGI Library"|URL:/en/news/2006/11/03/CVE-2006-5467/>)) published on 3 Nov, 2006
* ((<"Ruby vulnerability in the safe level settings"|URL:/en/news/2005/10/03/ruby-vulnerability-in-the-safe-level-settings/>)) published on 2 Oct, 2005