nxt_init
nxt_init copied to clipboard
Upgrade Ruby to 2.7.8
Here is everything you need to know about this upgrade. Please take a good look at what changed and the test results before merging this pull request.
What changed?
Release Notes
2.7.8
2.7.7
Posted by usa on 24 Nov 2022
Ruby 2.7.7 has been released.
This release includes a security fix. Please check the topics below for details.
This release also includes some build problem fixes. They are not considered to affect compatibility with previous versions. See the commit logs for further details.
2.7.6
Posted by usa and mame on 12 Apr 2022
Ruby 2.7.6 has been released.
This release includes a security fix. Please check the topics below for details.
This release also includes some bug fixes. See the commit logs for further details.
After thies release, we end the normal maintenance phase of Ruby 2.7, and Ruby 2.7 enters the security maintenance phase. This means that we will no longer backport any bug fixes to Ruby 2.7 excpet security fixes. Ther term of the security maintenance pahse is scheduled for a year. Ruby 2.7 reaches EOL and its official support ends by the end of the security maintenance phase. Therefore, we recommend that you start to plan upgrade to Ruby 3.0 or 3.1.
2.7.5
Posted by usa on 24 Nov 2021
Ruby 2.7.5 has been released.
This release includes security fixes. Please check the topics below for details.
- CVE-2021-41817: Regular Expression Denial of Service Vulnerability of Date Parsing Methods
- CVE-2021-41816: Buffer Overrun in CGI.escape_html
- CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse
See the commit logs for details.
2.7.4
Posted by usa on 7 Jul 2021
Ruby 2.7.4 has been released.
This release includes security fixes. Please check the topics below for details.
- CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP
- CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP
- CVE-2021-31799: A command injection vulnerability in RDoc
See the commit logs for details.
2.7.3
Posted by nagachika on 5 Apr 2021
Ruby 2.7.3 has been released.
This release includes security fixes. Please check the topics below for details.
- CVE-2021-28965: XML round-trip vulnerability in REXML
- CVE-2021-28966: Path traversal in Tempfile on Windows
See the commit logs for details.
2.7.2
Posted by nagachika on 2 Oct 2020
Ruby 2.7.2 has been released.
This release contains intentional incompatibility. The deprecated warnings are off by default on 2.7.2 and later. You can turn on the deprecated warnings by specifing command line option -w or -W:deprecated. Please check the topics below for details.
- Feature #17000 2.7.2 turns off deprecation warnings by default
- Feature #16345 Don’t emit deprecation warnings by default.
This release contains the new version of webrick with a security fix described in the article.
See the commit logs for other changes.
All Depfu comment commands
- @depfu refresh
- Rebases against your default branch and redoes this update
- @depfu recreate
- Recreates this PR, overwriting any edits that you've made to it
- @depfu merge
- Merges this PR once your tests are passing and conflicts are resolved
- @depfu close
- Closes this PR and deletes the branch
- @depfu reopen
- Restores the branch and reopens this PR (if it's closed)
- @depfu pause
- Pauses all engine updates and closes this PR