Package rubygems-3.5.22-4.module+el9.7.0+750+c4b549bf.noarch content_copy download

×

* Fri Apr 11 2025 Jarek Prokop <jprokop@redhat.com> - 3.3.8-4
- Upgrade to Ruby 3.3.8.
  Resolves: RHEL-68631
- Fix Net::IMAP vulnerable to possible DoS by memory exhaustion. (CVE-2025-25186)
- Fix Denial of Service in CGI::Cookie.parse. (CVE-2025-27219)
  Resolves: RHEL-86109
- Fix userinfo leakage in URI#join, URI#merge and URI#+. (CVE-2025-27221)

* Wed Sep 04 2024 Jarek Prokop <jprokop@redhat.com> - 3.3.5-3
- Upgrade to Ruby 3.3.5
  Resolves: RHEL-55411
- Fix DoS vulnerability in rexml.
  (CVE-2024-39908)
  (CVE-2024-41946)
  (CVE-2024-43398)
  Resolves: RHEL-57575
  Resolves: RHEL-57572
  Resolves: RHEL-57068
- Fix REXML DoS when parsing an XML having many specific characters such as
  whitespace character, >] and ]>.
  (CVE-2024-41123)
  Resolves: RHEL-57569
- Fix incorrect symlink for rubygem-irb's library.
  Resolves: RHEL-42646

* Mon May 20 2024 Jarek Prokop <jprokop@redhat.com> - 3.3.1-2
- Upgrade to Ruby 3.3.1.
  Resolves: RHEL-33976
- Fix buffer overread vulnerability in StringIO.
  (CVE-2024-27280)
  Resolves: RHEL-34130
- Fix RCE vulnerability with .rdoc_options in RDoc.
  (CVE-2024-27281)
  Resolves: RHEL-34122
- Fix Arbitrary memory address read vulnerability with Regex search.
  (CVE-2024-27282)
  Resolves: RHEL-33872

* Tue Apr 02 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 3.3.0-1
- Rebuilt for MSVSphere 9.4 beta

* Wed Jan 17 2024 Jarek Prokop <jprokop@redhat.com> - 3.3.0-1
- Upgrade to Ruby 3.3.0.
  Resolves: RHEL-17089

* Sun Dec 03 2023 Jun Aruga <jaruga@redhat.com> - 3.1.2-142
- Bypass git submodule test failure on Git >= 2.38.1.
- Fix tests with Europe/Amsterdam pre-1970 time on tzdata version 2022b.
- Fix for tzdata-2022g.
- Fix OpenSSL.fips_mode and OpenSSL::PKey.read in OpenSSL 3 FIPS.
  Resolves: RHEL-5590
- ssl: use ffdhe2048 from RFC 7919 as the default DH group parameters
  Related: RHEL-5590
- Disable fiddle tests that use FFI closures.
  Related: RHEL-5590