Change effective on 17 October 2018
Ruby versions 2.3.8, 2.4.5, and 2.5.2 are security releases made due to these vulnerabilities:
Array#pack
and String#unpack
with some directivesOpenSSL::X509::Name
equality check does not work correctlyTo ensure that your application is not impacted by any of these vulnerabilities please upgrade your app to the latest version in the series. You can see the latest versions on the Ruby support page.