Ruby 2.4.2 已发布,该版本修复了安全问题: CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode CVE-2017-14064: Heap exposure in generating JSON Multiple vulnerabilities in RubyGems Update bundled libyaml to version 0.1.7. 还修复了许多 bug,查看提交日志了解更多细节。 已知的问题 An incompatibility has been found for Ruby 2.4.2. Ruby 2.4.2 can not link with libgmp nor jemalloc. We will fix this problem with the next release, but if you are facing the problem now and need to overcome it immediately, get a patch from this link: Ruby 2.4.2 and 2.3.5 cannot link with libgmp nor jemalloc 详情点此参阅。 Ruby 2.4.2 发布,修复安全问题下载地址
