ruby

This release includes the following security fixes:

• CVE-2025-61594: URI Credential Leakage Bypass previous fixes | Ruby
• CVE-2025-58767: DoS vulnerability in REXML | Ruby

and the following fixes for some issues:

• Build issue of using Ruby 4.0 w...

What's Changed

• Bug #21812: Kernel#sleep without arguments returns immediately when subprocess exits in another thread (regression in Ruby 4.0) - Ruby - Ruby Issue Tracking System
• [Bug #21828: An incorrect warning message related to benchmark is shown when using benchmark-ips - Ruby - Ruby Issue Tracking System](https://bugs.ruby-lang.org/is...

See also:

• Release 3.5.0-preview1 · ruby/ruby
• Release 4.0.0-preview2 · ruby/ruby
• Release 4.0.0-preview3 · ruby/ruby

What's Changed

• [Bump RDoc to 7.0.1 by st0012 · Pull Request #15628](https://gith...

What's Changed

• YJIT: omit single ractor mode assumption for proc#call by luke-gruber · Pull Request #15092
• ZJIT: Inline BasicObject#! by tekknolagi · Pull Request #15201
• [Bug #21697: nmake up will update broken revision.h - Ruby - Ruby Issue Tracking System](https://bugs.ruby-lang.org/issues/2...

What's Changed

• Bug #21629: Ruby-3.4.7 prints -Wdefault-const-init-field-unsafe warnings on clang / llvm 21 - Ruby - Ruby Issue Tracking System
• Bug #21626: Backport WASI setjmp handler memory leak fixes - Ruby - Ruby Issue Tracking System
• [Bug #21631: Backport openssl gem bugfix releases - Ruby - Rub...