Ruby Security

Ruby Security

The Ruby programming language is large and complex and there are many security pitfalls often encountered by newcomers and experienced Rubyists alike.

This document aims to discuss many of these pitfalls and provide more secure alternatives where applicable.

Please check the full list of publicly known CVEs and how to correctly report a security vulnerability, at: www.ruby-lang.org/en/security/ Japanese version is here: www.ruby-lang.org/ja/security/

Security vulnerabilities should be reported via an email to security@ruby-lang.org (the PGP public key), which is a private mailin