Rubies 2.2.10, 2.3.7, 2.4.4, and 2.5.1 are now available

Ruby versions 2.2.10, 2.3.7, 2.4.4, and 2.5.1 are security releases made due to these vulnerabilities:

CVE-2017-17742: Response splitting vulnerability in WEBrick

CVE-2018-6914: Directory traversal with Dir.mktmpdir and Tempfile

CVE-2018-8777: webrick large request updates

CVE-2018-8779: Unix domain socket and a path containing a null character

CVE-2018-8778: controlled buffer under-read in pack_unpack_internal()

CVE-2018-8780: NUL-character treatment with Dir

RubyGem 2.7.6 (see https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/)

To ensure that your application is not impacted by any of these vulnerabilities please upgrade your app to the latest version in the series. You can see the latest versions on the Ruby support page.

Ruby 2.2.10 is the last release in the 2.2 series. Please upgrade to at least 2.3.7 or higher as soon as possible.