4.2.1 / 2015-12-22
Bug fixes
* Fixed infinite loop with CR #339 by @nobu
* Allow rdoc run with disable-gems #340 by @luizluca
* Don't store full path in GZipped js files #341 by @voxik
* Fix relative path names for drive letters #367 by @nobu
* Fix for valid syntax `class C end` parsing #368 by @nobu
Ruby 2.2.4 Released
Posted by nagachika on 16 Dec 2015
Ruby 2.2.4 has been released.
This release includes a security fix for Fiddle extension. Please view the
topic below for more details.
* CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL
There are also some bugfixes. See ChangeLog for details.
Ruby 2.1.8 Released
Posted by usa on 16 Dec 2015
Ruby 2.1.8 has been released.
This release includes a security fix for Fiddle and DL extension. Please view the topic below for more details.
* CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL
And, many bug fixes are also included. See ChangeLog for details.
Ruby 2.0.0-p648 Released
Posted by usa on 16 Dec 2015
Ruby 2.0.0-p648 has been released.
This release includes a security fix for Fiddle and DL extension. Please view
the topic below for more details.
* CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL
Ruby 2.0.0 is now under the state of the security maintenance phase, until
Feb. 24th, 2016. After the date, maintenance of Ruby 2.0.0 will be ended. We
recommend you start planning migration to newer versions of Ruby, such as 2.1,
2.2 or 2.3 (scheduled to release within a few weeks).
The find-prefix infrastructure was required in a pkgviews world where
packages installed from pkgsrc could have different installation
prefixes, and this was a way for a dependency prefix to be determined.
Now that pkgviews has been removed there is no longer any need for the
overhead of this infrastructure. Instead we use BUILDLINK_PREFIX.pkg
for dependencies pulled in via buildlink, or LOCALBASE/PREFIX where the
dependency is coming from pkgsrc.
Provides a reasonable performance win due to the reduction of `pkg_info
-qp` calls, some of which were redundant anyway as they were duplicating
the same information provided by BUILDLINK_PREFIX.pkg.
Release note:
Ruby 2.2.3 Released
Posted by nagachika on 18 Aug 2015
We are pleased to announce the release of Ruby 2.2.3. This is a TEENY
version release of the stable 2.2 series.
This release includes the security fix for a RubyGems domain name
verification vulnerability.
CVE-2015-3900 Request hijacking vulnerability in RubyGems 2.4.6 and earlier
There are also some bugfixes. See ChangeLog for details.
Release announce:
Ruby 2.1.7 Released
Posted by usa on 18 Aug 2015
Ruby 2.1.7 has been released.
This release includes the security fix for a RubyGems domain name
verification vulnerability. Please view the topic below for more details.
CVE-2015-3900 Request hijacking vulnerability in RubyGems 2.4.6 and earlier
And, many bug fixes are also included. See tickets and ChangeLog for details.
Release announce:
Ruby 2.0.0-p647 Released
Posted by usa on 18 Aug 2015
We are pleased to announce the release of Ruby 2.0.0-p647.
This release includes the security fix for a RubyGems domain name
verification vulnerability. Please view the topic below for more details.
CVE-2015-3900 Request hijacking vulnerability in RubyGems 2.4.6 and earlier
And, this release also includes the fix for a regression of lib/resolv.rb.
Uninitialized constant bug introduced by typo in backport of [#10712]
Ruby 2.0.0 is now under the state of the security maintenance phase, until
Feb. 24th, 2016. After the date, maintenance of Ruby 2.0.0 will be ended. We
recommend you start planning migration to newer versions of Ruby, such as
2.1 or 2.2.
=== 2.4.8 / 2015-06-08
Bug fixes:
* Tightened API endpoint checks for CVE-2015-3900
=== 2.4.7 / 2015-05-14
Bug fixes:
* Backport: Limit API endpoint to original security domain for CVE-2015-3900.
Fix by claudijd
From release announce:
We are pleased to announce the release of Ruby 2.2.2. This is a TEENY version
release of the stable 2.2 series.
This release includes the security fix for an OpenSSL extension's hostname
verification vulnerability.
CVE-2015-1855: Ruby OpenSSL Hostname Verification
There are also some bugfixes. See ChangeLog for details.
From release announce:
Ruby 2.1.6 has been released.
This release includes a security fix for OpenSSL extension. Please view the
topic below for more details.
CVE-2015-1855: Ruby OpenSSL Hostname Verification
And, many bug fixes are also included. See tickets and ChangeLog for details.
From release announce:
We are pleased to announce the release of Ruby 2.0.0-p645.
This release includes a security fix for OpenSSL extension. Please view the
topic below for more details.
CVE-2015-1855: Ruby OpenSSL Hostname Verification
Ruby 2.0.0 is now under the state of the security maintenance phase, until
Feb. 24th, 2016. After the date, maintenance of Ruby 2.0.0 will be ended. We
recommend you start planning migration to newer versions of Ruby, such as 2.1
or 2.2.
This release includes the security fix mentioned above along with small
changes required for test environment (that shouldn't affect normal users).
See ChangeLog for full details.
This is the last ordinal release of Ruby 2.0.0. Ruby 2.0.0 goes into the
state of the security maintenance phase, and will never be released unless
any critical regressions or security issues are found. This phase is planned
to be maintained for 1 year. Then, maintenance of Ruby 2.0.0 will be ended
at Feb. 24th, 2016. We recommend to start planning to migrate to newer
versions of Ruby, such as 2.1 or 2.2.
pkgsrc change:
* Change "os" of Gem::Platform, now it changes the case of "netbsd" only.
* Reduce patches to builtin rubygems.
* Simplify Gem::Specification definition.
* Remove some pkgsrc specific modifications.
=== 2.4.6 / 2014-02-05
Bug fixes:
* Fixed resolving gems with both upper and lower requirement boundaries.
Issue #1141 by Jakub Jirutka.
* Moved extension directory after require_paths to fix missing constant bugs
in some gems with C extensions. Issue #784 by André Arko, pull request
#1137 by Barry Allard.
* Use Gem::Dependency#requirement when adding a dependency to an existing
dependency instance. Pull request #1101 by Josh Cheek.
* Fixed warning of shadowed local variable in Gem::Specification. Pull request
#1109 by Rohit Arondekar
* Gem::Requirement should always sort requirements before coercion to Hash.
Pull request #1139 by Eito Katagiri.
* The `gem open` command should change the current working directory before
opening the editor. Pull request #1142 by Alex Wood.
* Ensure quotes are stripped from the Windows launcher script used to install
gems. Pull request #1115 by Youngjun Song.
* Fixed errors when writing to NFS to 0444 files. Issue #1161 by Emmanuel
Hadoux.
* Removed dead code in Gem::StreamUI. Pull request #1117 by mediaslave24.
* Fixed typos. Pull request #1096 by hakeda.
* Relaxed CMake dependency for RHEL 6 and CentOS 6. Pull request #1124 by Vít
Ondruch.
* Relaxed Psych dependency. Pull request #1128 by Vít Ondruch.
2.2. It affects ruby 2.1 only.
* Binary packages' file name start with "ruby21-" instead of "ruby215-".
* ${PREFIX}/include/ruby-2.1.5 are changed from ${PREFIX}/include/ruby-2.1.5
to ${PREFIX}/include/ruby-2.1.0.
* ${PREFIX}/lib/ruby/2.1.5 and ${PREFIX}/lib/ruby/gem/2.1.5 are changed
to ${PREFIX}/lib/ruby/2.1.0 and ${PREFIX}/lib/ruby/gem/2.1.0.
Ruby 2.1.4 is released
Ruby 2.1.4 has been released.
This release includes security fixes for the following vulnerabilities:
* CVE-2014-8080: Denial Of Service XML Expansion
* Changed default settings of ext/openssl related to CVE-2014-3566
And there are some bug-fixes.
See tickets and ChangeLog for details.
Ruby 2.1.3 Released
We are pleased to announce the release of Ruby 2.1.3. This is a patchlevel
release of the stable 2.1 series.
This release contains a change of full GC timing to reduce memory consumption
(see Bug #9607), and many bugfixes.
See tickets and ChangeLog for details.
Ruby 2.0.0-p594 Released
We are pleased to announce the release of Ruby 2.0.0-p594.
This release includes a security fix for DoS vulnerability of REXML.
* CVE-2014-8080: Denial Of Service XML Expansion
This release also includes the change of default settings of
ext/openssl. Insecure SSL/TLS options are now turned off by default.
* Changed default settings of ext/openssl
And, many bug fixes are also included. See tickets and ChangeLog for details.
Ruby 2.0.0-p576 Released
We are pleased to announce the release of Ruby 2.0.0-p576, to celebrate the
holding of RubyKaigi2014 in Japan now.
This release includes many bugfixes, such as:
* many fixes of memory leaks and using extra memory.
* many fixes of platform-specific issues (especially in build process).
* many document fixes.
See tickets and ChangeLog for details.
Ruby 1.9.3-p550 Released
We are pleased to announce the release of Ruby 1.9.3-p550.
This release includes a security fix for DoS vulnerability of REXML.
* CVE-2014-8080: Denial Of Service XML Expansion
This release also includes the change of default settings of
ext/openssl. Insecure SSL/TLS options are now turned off by default.
* Changed default settings of ext/openssl
And, in addition, bundled jQuery for darkfish template of RDoc is also
updated.
Almost no functional change to existing packages.
Wed May 14 17:35:32 2014 NAKAMURA Usaku <usa@ruby-lang.org>
* common.mk: need to quote $BASERUBY because it may include options.
this change is only for release management, not bug fix.
[Backport #9837] [ruby-dev:48218]
Mon Mar 31 15:38:07 2014 Nobuyoshi Nakada <nobu@ruby-lang.org>
* ext/openssl/ossl.c (ossl_make_error): check NULL for unknown
error reasons with old OpenSSL, and insert a colon iff formatted
message is not empty.