ESB-2019.1154 - [Win][UNIX/Linux] Ruby 2.3: Reduced security - Unknown/unspecified 2019-04-05

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.1154
                       Support of Ruby 2.3 has ended
                               5 April 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Ruby 2.3
Publisher:         rails
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Reduced Security -- Unknown/Unspecified
Resolution:        Patch/Upgrade

Original Bulletin: 
   https://www.ruby-lang.org/en/news/2019/03/31/support-of-ruby-2-3-has-ended/

- --------------------------BEGIN INCLUDED TEXT--------------------

Support of Ruby 2.3 has ended

Posted by antonpaisov on 31 Mar 2019

We announce that all support of the Ruby 2.3 series has ended.

After the release of Ruby 2.3.7 on March 28, 2018, the support of the Ruby 2.3
series was in the security maintenance phase. Now, after one year has passed,
this phase has ended. Therefore, on March 31, 2019, all support of the Ruby 2.3
series ends. Security and bug fixes from more recent Ruby versions will no
longer be backported to 2.3. There won't be any patches of 2.3 either. We
highly recommend that you upgrade to Ruby 2.6 or 2.5 as soon as possible.

About currently supported Ruby versions

Ruby 2.6 series

Currently in normal maintenance phase. We will backport bug fixes and release
with the fixes whenever necessary. And, if a critical security issue is found,
we will release an urgent fix for it.

Ruby 2.5 series

Currently in normal maintenance phase. We will backport bug fixes and release
with the fixes whenever necessary. And, if a critical security issue is found,
we will release an urgent fix for it.

Ruby 2.4 series

Currently in security maintenance phase. We will never backport any bug fixes
to 2.4 except security fixes. If a critical security issue is found, we will
release an urgent fix for it. We are planning to end the support of the Ruby
2.4 series on March 31, 2020.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
