diff --git a/ChangeLog b/ChangeLog index 3ca4e25a48..da0722a65e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +Wed Feb 6 13:03:00 2013 Zachary Scott + + * doc/security.rdoc: Add link to CVEs on ruby-lang.org/en/security + Wed Feb 6 12:49:00 2013 Zachary Scott * NEWS: Add note about removal of CSV::load and CSV::dump from r39077 diff --git a/doc/security.rdoc b/doc/security.rdoc index 566920a5c1..16df93f540 100644 --- a/doc/security.rdoc +++ b/doc/security.rdoc @@ -6,6 +6,9 @@ pitfalls often encountered by newcomers and experienced Rubyists alike. This document aims to discuss many of these pitfalls and provide more secure alternatives where applicable. +Please check the full list of publicly known CVEs and how to correctly report a +security vulnerability, at: http://www.ruby-lang.org/en/security/ + == $SAFE Ruby provides a mechanism to restrict what operations can be performed by Ruby