Ruby versions 2.3.8, 2.4.5, and 2.5.2 are now available

Change effective on 17 October 2018

Ruby versions 2.3.8, 2.4.5, and 2.5.2 are security releases made due to these vulnerabilities:

  • CVE-2018-16396: Tainted flags are not propagated in Array#pack and String#unpack with some directives
  • CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly

To ensure that your application is not impacted by any of these vulnerabilities please upgrade your app to the latest version in the series. You can see the latest versions on the Ruby support page.