Package ruby-bundled-gems-3.3.10-5.module+el8.10.0+774+7e670c9a.i686 content_copy download

×

* Thu Nov 13 2025 Jun Aruga <jaruga@redhat.com> - 3.3.10-5
- Upgrade to Ruby 3.3.10.
  Resolves: RHEL-106820
- Fix possible denial of service in resolv gem (CVE-2025-24294)
- Fix URI Credential Leakage Bypass previous fixes. (CVE-2025-61594)
- Fix REXML denial of service. (CVE-2025-58767)
  Resolves: RHEL-122012

* Fri Apr 11 2025 Jarek Prokop <jprokop@redhat.com> - 3.3.8-4
- Upgrade to Ruby 3.3.8.
  Resolves: RHEL-68632
- Fix Net::IMAP vulnerable to possible DoS by memory exhaustion. (CVE-2025-25186)
- Fix Denial of Service in CGI::Cookie.parse. (CVE-2025-27219)
- Fix userinfo leakage in URI#join, URI#merge and URI#+. (CVE-2025-27221)

* Wed Sep 04 2024 Jarek Prokop <jprokop@redhat.com> - 3.3.5-3
- Upgrade to Ruby 3.3.5
  Resolves: RHEL-55409
- Fix DoS vulnerability in rexml.
  (CVE-2024-39908)
  (CVE-2024-41946)
  (CVE-2024-43398)
  Resolves: RHEL-57049
  Resolves: RHEL-57054
  Resolves: RHEL-57069
- Fix REXML DoS when parsing an XML having many specific characters such as
  whitespace character, >] and ]>.
  (CVE-2024-41123)
  Resolves: RHEL-52783

* Fri Jun 07 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 3.3.1-2
- Rebuilt for MSVSphere 8.10

* Mon May 20 2024 Jarek Prokop <jprokop@redhat.com> - 3.3.1-2
- Upgrade to Ruby 3.3.1.
  Resolves: RHEL-37446
- Fix buffer overread vulnerability in StringIO.
  (CVE-2024-27280)
  Resolves: RHEL-37448
- Fix RCE vulnerability with .rdoc_options in RDoc.
  (CVE-2024-27281)
  Resolves: RHEL-37449
- Fix Arbitrary memory address read vulnerability with Regex search.
  (CVE-2024-27282)
  Resolves: RHEL-37447

* Thu Jan 18 2024 Jarek Prokop <jprokop@redhat.com> - 3.3.0-1
- Upgrade to Ruby 3.3.0.
  Resolves: RHEL-17090

* Thu Apr 21 2022 Jarek Prokop <jprokop@redhat.com> - 3.1.2-141
- Upgrade to Ruby 3.1.2.
  Resolves: rhbz#2063772

* Tue Oct 05 2021 Jarek Prokop <jprokop@redhat.com> - 3.0.2-140
- Fix rubygem-irb upgrade not working due to directory -> symlink conversion.
  Resolves: rhbz#2010949

* Tue Jul 13 2021 Jarek Prokop <jprokop@redhat.com> - 3.0.2-139
- Upgrade to Ruby 3.0.2.
  Related: rhbz#1938942
- Fix command injection vulnerability in RDoc. (CVE-2021-31799)
- Fix FTP PASV command response can cause Net::FTP to connect to arbitrary host.
  (CVE-2021-31810)
- Fix StartTLS stripping vulnerability in Net::IMAP (CVE-2021-32066)
- Fix dependencies of gems with explicit source installed from a
  different source. (CVE-2020-36327)
- Pass ldflags to gem install via CONFIGURE_ARGS.
  The same comment on the changelog 3.0.1-138 was wrong.

* Mon Jun 07 2021 Jarek Prokop <jprokop@redhat.com> - 3.0.1-138
- Upgrade to Ruby 3.0.1 by merging Fedora rawhide branch (commit: 6b2ff68).
  * Add missing `rubygem-` prefix for bundled provide of 'connection_pool'.
  * Pass ldflags to gem install via CONFIGURE_ARGS
  * Remove IRB dependency from rubygem-rdoc.
  * Fix flaky excon test suite.
  * Properly support DWARF5 debug information.
      Related: rhbz#1920533
  * Bundle OpenSSL into StdLib.
  * Fix SEGFAULT in rubygem-shoulda-matchers test suite.
  * Provide `gem.build_complete` file for binary gems.
  * Re-enable test suite.
  * ruby-default-gems have to depend on rubygem(io-console) due to reline.
  * Fix SEGFAULT preventing rubygem-unicode to build on armv7hl.
  * Add support for reworked RubyGems plugins.
  * Use proper path for plugin wrappers.
  * Extract RSS and REXML into separate subpackages, because they were moved from
     default gems to bundled gems.
  * Drop Net::Telnet and XMLRPC packages, because they were dropped from Ruby.
  Resolves: rhbz#1938942
- Fix FTBFS due to an incompatible load directive.