An overview of CVE-2008-3790, a denial-of-service vulnerability in early Ruby versions where the REXML parser allowed unbounded XML entity expansion (the Billion Laughs attack).
Mar 15, 2026
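A pre-parse guard for the entity expansion described above, as an added example (not code from the original page or from REXML): it computes how large each internal entity would become without ever expanding it. The names `expanded_entity_sizes`, `nested_sample` and `EntityExpansionError` and the 10,240-byte limit are assumptions made for this example; parameter and external entities are out of scope.

```ruby
# Added example: measure internal-entity expansion without performing it.
ENTITY_DECL = /<!ENTITY\s+([\w.\-]+)\s+(?:"([^"]*)"|'([^']*)')\s*>/
ENTITY_REF  = /&([\w.\-]+);/

class EntityExpansionError < StandardError; end

# Returns { name => expanded size in bytes } for internal general entities.
# Raises EntityExpansionError on a reference cycle or when one entity would
# expand past max_bytes (a hypothetical limit chosen for this example).
def expanded_entity_sizes(xml, max_bytes: 10_240)
  decls = {}
  # The first declaration of a name is the binding one in XML.
  xml.scan(ENTITY_DECL) { |name, dq, sq| decls[name] ||= (dq || sq) }
  sizes = {}
  visiting = {}
  measure = lambda do |name|
    return sizes[name] if sizes.key?(name)
    raise EntityExpansionError, "recursive entity &#{name};" if visiting[name]
    visiting[name] = true
    value = decls.fetch(name)
    refs = value.scan(ENTITY_REF).flatten.select { |r| decls.key?(r) }
    literal = value.bytesize - refs.sum { |r| r.bytesize + 2 } # drop "&name;" tokens
    total = literal + refs.sum { |r| measure.call(r) }         # memoized lookups
    visiting.delete(name)
    if total > max_bytes
      raise EntityExpansionError, "&#{name}; expands to #{total} bytes (limit #{max_bytes})"
    end
    sizes[name] = total
  end
  decls.each_key { |name| measure.call(name) }
  sizes
end

# Constructed sample: `levels` entities, each referencing the previous one ten times.
def nested_sample(levels)
  decls = ['<!ENTITY a0 "0123456789">']
  (1...levels).each do |i|
    decls << %(<!ENTITY a#{i} "#{"&a#{i - 1};" * 10}">)
  end
  "<!DOCTYPE d [#{decls.join}]><d>&a#{levels - 1};</d>"
end

if __FILE__ == $PROGRAM_NAME
  # Four short declarations already describe a 10,000-byte expansion.
  puts expanded_entity_sizes(nested_sample(4)).inspect
end
```

Because sizes are computed arithmetically and memoized per entity, the check costs time proportional to the document size regardless of how large the expansion would be.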