Ruby 2.4.2发布，修复安全问题

Ruby 2.4.2 已发布，该版本修复了安全问题：

• CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf

• CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick

• CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode

• CVE-2017-14064: Heap exposure in generating JSON

• Multiple vulnerabilities in RubyGems

• Update bundled libyaml to version 0.1.7.

还修复了许多 bug，查看提交日志了解更多细节。

已知的问题

An incompatibility has been found for Ruby 2.4.2. Ruby 2.4.2 can not link with libgmp nor jemalloc. We will fix this problem with the next release, but if you are facing the problem now and need to overcome it immediately, get a patch from this link:

• Ruby 2.4.2 and 2.3.5 cannot link with libgmp nor jemalloc

详情点此参阅。