Copy news from en

Author: riseshia

ko/news/_posts/2022-11-22-http-response-splitting-in-cgi-cve-2021-33621.md

@@ -0,0 +1,35 @@
+---
+layout: news_post
+title: "CVE-2021-33621: HTTP response splitting in CGI"
+author: "mame"
+translator:
+date: 2022-11-22 02:00:00 +0000
+tags: security
+lang: en
+---
+
+We have released the cgi gem version 0.3.5, 0.2.2, and 0.1.0.2 that has a security fix for a HTTP response splitting vulnerability.
+This vulnerability has been assigned the CVE identifier [CVE-2021-33621](https://nvd.nist.gov/vuln/detail/CVE-2021-33621).
+
+## Details
+
+If an application that generates HTTP responses using the cgi gem with untrusted user input, an attacker can exploit it to inject a malicious HTTP response header and/or body.
+
+Also, the contents for a `CGI::Cookie` object were not checked properly. If an application creates a `CGI::Cookie` object based on user input, an attacker may exploit it to inject invalid attributes in `Set-Cookie` header. We think such applications are unlikely, but we have included a change to check arguments for `CGI::Cookie#initialize` preventatively.
+
+Please update the cgi gem to version 0.3.5, 0.2.2, and 0.1.0.2, or later. You can use `gem update cgi` to update it.
+If you are using bundler, please add `gem "cgi", ">= 0.3.5"` to your `Gemfile`.
+
+## Affected versions
+
+* cgi gem 0.3.3 or before
+* cgi gem 0.2.1 or before
+* cgi gem 0.1.1 or 0.1.0.1 or 0.1.0
+
+## Credits
+
+Thanks to [Hiroshi Tokumaru](https://hackerone.com/htokumaru?type=user) for discovering this issue.
+
+## History
+
+* Originally published at 2022-11-22 02:00:00 (UTC)

ko/news/_posts/2022-11-24-ruby-2-7-7-released.md

@@ -0,0 +1,55 @@
+---
+layout: news_post
+title: "Ruby 2.7.7 Released"
+author: "usa"
+translator:
+date: 2022-11-24 12:00:00 +0000
+lang: en
+---
+
+Ruby 2.7.7 has been released.
+
+This release includes a security fix.
+Please check the topics below for details.
+
+* [CVE-2021-33621: HTTP response splitting in CGI]({%link en/news/_posts/2022-11-22-http-response-splitting-in-cgi-cve-2021-33621.md %})
+
+This release also includes some build problem fixes. They are not considered to affect compatibility with previous versions.
+See the [commit logs](https://github.com/ruby/ruby/compare/v2_7_6...v2_7_7) for further details.
+
+## Download
+
+{% assign release = site.data.releases | where: "version", "2.7.7" | first %}
+
+* <{{ release.url.bz2 }}>
+
+      SIZE: {{ release.size.bz2 }}
+      SHA1: {{ release.sha1.bz2 }}
+      SHA256: {{ release.sha256.bz2 }}
+      SHA512: {{ release.sha512.bz2 }}
+
+* <{{ release.url.gz }}>
+
+      SIZE: {{ release.size.gz }}
+      SHA1: {{ release.sha1.gz }}
+      SHA256: {{ release.sha256.gz }}
+      SHA512: {{ release.sha512.gz }}
+
+* <{{ release.url.xz }}>
+
+      SIZE: {{ release.size.xz }}
+      SHA1: {{ release.sha1.xz }}
+      SHA256: {{ release.sha256.xz }}
+      SHA512: {{ release.sha512.xz }}
+
+* <{{ release.url.zip }}>
+
+      SIZE: {{ release.size.zip }}
+      SHA1: {{ release.sha1.zip }}
+      SHA256: {{ release.sha256.zip }}
+      SHA512: {{ release.sha512.zip }}
+
+## Release Comment
+
+Many committers, developers, and users who provided bug reports helped us make this release.
+Thanks for their contributions.

ko/news/_posts/2022-11-24-ruby-3-0-5-released.md

@@ -0,0 +1,50 @@
+---
+layout: news_post
+title: "Ruby 3.0.5 Released"
+author: "usa"
+translator:
+date: 2022-11-24 12:00:00 +0000
+lang: en
+---
+
+Ruby 3.0.5 has been released.
+
+This release includes a security fix.
+Please check the topics below for details.
+
+* [CVE-2021-33621: HTTP response splitting in CGI]({%link en/news/_posts/2022-11-22-http-response-splitting-in-cgi-cve-2021-33621.md %})
+
+This release also includes some bug fixes.
+See the [commit logs](https://github.com/ruby/ruby/compare/v3_0_4...v3_0_5) for further details.
+
+## Download
+
+{% assign release = site.data.releases | where: "version", "3.0.5" | first %}
+
+* <{{ release.url.gz }}>
+
+      SIZE: {{ release.size.gz }}
+      SHA1: {{ release.sha1.gz }}
+      SHA256: {{ release.sha256.gz }}
+      SHA512: {{ release.sha512.gz }}
+
+* <{{ release.url.xz }}>
+
+      SIZE: {{ release.size.xz }}
+      SHA1: {{ release.sha1.xz }}
+      SHA256: {{ release.sha256.xz }}
+      SHA512: {{ release.sha512.xz }}
+
+* <{{ release.url.zip }}>
+
+      SIZE: {{ release.size.zip }}
+      SHA1: {{ release.sha1.zip }}
+      SHA256: {{ release.sha256.zip }}
+      SHA512: {{ release.sha512.zip }}
+
+## Release Comment
+
+Many committers, developers, and users who provided bug reports helped us make this release.
+Thanks for their contributions.
+
+The maintenance of Ruby 3.0, including this release, is based on the "Agreement for the Ruby stable version" of the Ruby Association.

ko/news/_posts/2022-11-24-ruby-3-1-3-released.md

@@ -0,0 +1,50 @@
+---
+layout: news_post
+title: "Ruby 3.1.3 Released"
+author: "nagachika"
+translator:
+date: 2022-11-24 12:00:00 +0000
+lang: en
+---
+
+Ruby 3.1.3 has been released.
+
+This release includes a security fix.
+Please check the topics below for details.
+
+* [CVE-2021-33621: HTTP response splitting in CGI]({%link en/news/_posts/2022-11-22-http-response-splitting-in-cgi-cve-2021-33621.md %})
+
+This release also includes a fix for build failure with Xcode 14 and macOS 13 (Ventura).
+See [the related ticket](https://bugs.ruby-lang.org/issues/18912) for more details.
+
+See the [commit logs](https://github.com/ruby/ruby/compare/v3_1_2...v3_1_3) for further details.
+
+## Download
+
+{% assign release = site.data.releases | where: "version", "3.1.3" | first %}
+
+* <{{ release.url.gz }}>
+
+      SIZE: {{ release.size.gz }}
+      SHA1: {{ release.sha1.gz }}
+      SHA256: {{ release.sha256.gz }}
+      SHA512: {{ release.sha512.gz }}
+
+* <{{ release.url.xz }}>
+
+      SIZE: {{ release.size.xz }}
+      SHA1: {{ release.sha1.xz }}
+      SHA256: {{ release.sha256.xz }}
+      SHA512: {{ release.sha512.xz }}
+
+* <{{ release.url.zip }}>
+
+      SIZE: {{ release.size.zip }}
+      SHA1: {{ release.sha1.zip }}
+      SHA256: {{ release.sha256.zip }}
+      SHA512: {{ release.sha512.zip }}
+
+## Release Comment
+
+Many committers, developers, and users who provided bug reports helped us make this release.
+Thanks for their contributions.