Unsafe Object Deserialization Vulnerability in RubyGems - RubyGems Blog
Hello everyone! An unsafe object deserialization vulnerability was found in RubyGems. Unfortunately this vulnerability can be used as a way to escalate to a remote code execution exploit. The good news is that this issue was responsibly reported to the RubyGems team by Max Justicz, and we were able to promptly fix it. The RubyGems team audited all Gems, and using the data available to us we can sa
Funding Rubygems.org - RubyGems Blog
Since the early days of Ruby, Ruby Central, Inc. has served as an organizational anchor for our community. Starting in 2001, with the organization of the first International Ruby Conference, we have been responsible for running RubyConf and subsequently RailsConf. Thanks to you all, our conferences have enjoyed broad, sustainable success, endowing us with a solid financial foundation, which we the
RubyGems.org gem replacement vulnerability and mitigation - RubyGems Blog
Summary RubyGems.org contained a bug that could allow an attacker to replace some .gem files on our servers with a different file that they supplied. We deployed a partial fix on April 2nd and a complete fix on April 4th, 2016. We also verified every .gem uploaded after Feb 8th, 2015, and found that none of them had been replaced. Gems whose name contains a dash (e.g. ‘blank-blank’) uploaded befor
1
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
処理を実行中です
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
