
Update all Ruby Releases + CVE information

Open captn3m0 opened this issue 11 months ago • 1 comments

This is just before the upcoming 3.4 release in a few days.

A few notes:

  • The CVE -> Ruby mapping is not perfect. For example, https://github.com/ruby/ruby/releases/tag/v3_3_5 notes a ReXML backport (Bug #20667: Backport REXML CVE fixes), which fixes CVE-2024-43398 with a version bump on rexml. However, it doesn't show up for us.

  • With a higher frequency of patch releases, the timeline view doesn't show most patch releases, except the latest.

  • I did not find any noteworthy feature additions or internal changes in the added releases, so there are no additional comments.

These are the releases I added:

  • 3.3.4
  • 3.3.5
  • 3.3.6
  • 3.2.5
  • 3.2.6
  • 2.7.8

I'll file a separate PR for 3.4 once it lands.

captn3m0, Dec 23 '24 07:12

Could this be merged?

captn3m0, Jan 26 '25 16:01

Hi @captn3m0, thanks for the pull request and apologies for not getting back. I'll check your PR this week.

kowal, May 26 '25 13:05