Ruby versions 2.3.8, 2.4.5, and 2.5.2 are now available
Change effective on 17 October 2018
- CVE-2018-16396: Tainted flags are not propagated in
String#unpackwith some directives
OpenSSL::X509::Nameequality check does not work correctly
To ensure that your application is not impacted by any of these vulnerabilities please upgrade your app to the latest version in the series. You can see the latest versions on the Ruby support page.