Ruby Issue Tracking System

11/06/2025

06:18 PM Ruby Bug #21667: CVE-2024-12224

Excellent news, glad to see the patch progressing.
How quickly can we release new versions of Ruby to include this patch? mcandre (Andrew Pennebaker)

02:25 PM Ruby Bug #21667: CVE-2024-12224

Wiz reports a servo/rust-url package. Curious if Ruby is using this package strictly at the point in time when the Ruby language is being compiled, possibly even an integration test suite. Or perhaps servo ends up as a portion of the Rub... mcandre (Andrew Pennebaker)

11/04/2025

04:55 PM Ruby Bug #21667 (Closed): CVE-2024-12224

ruby-build triggers Wiz finding CVE-2024-12224 for the leftover build files, when compiling Ruby from source. mcandre (Andrew Pennebaker)

06/19/2019

06:44 PM Ruby Feature #15942 (Third Party's Issue): gem: Warn on known vulnerable packages

In comparison to RubyGems, NPM offers builtin warnings when users attempt to install packages with known vulnerabilities. This helps developers to more quickly react to security concerns, updating or replacing their dependencies.
CI a... mcandre (Andrew Pennebaker)

04/05/2016

03:41 PM Ruby Bug #12250 (Rejected): Ruby segfaults on `foodcritic .`

Trace:
```
Downloads$ foodcritic .
/Users/andrew.pennebaker/.gem/ruby/2.0.0/gems/nokogiri-1.6.6.2/lib/nokogiri/nokogiri.bundle: [BUG] Segmentation fault
(snip)
Abort trap: 6
``` mcandre (Andrew Pennebaker)