Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: ruby/ruby
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v4.0.2
Choose a base ref
...
head repository: ruby/ruby
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v4.0.3
Choose a head ref
  • 3 commits
  • 4 files changed
  • 2 contributors

Commits on Apr 21, 2026

  1. [ruby/erb] Prohibit def_method on marshal-loaded ERB instances 

    Extends the @_init guard to def_method so that an ERB object created
via Marshal.load (which bypasses initialize) raises ArgumentError
instead of evaluating arbitrary source. def_module and def_class both
delegate to def_method and are covered by the same check.

Co-authored-by: Tristan Madani <TristanInSec@gmail.com>
    @k0kubun @TristanInSec
    k0kubun and TristanInSec committed Apr 21, 2026
    Configuration menu
    Copy the full SHA
    fce0a26 View commit details
    Browse the repository at this point in the history

  2. [ruby/erb] Version 6.0.1.1

    @k0kubun
    k0kubun committed Apr 21, 2026
    Configuration menu
    Copy the full SHA
    0506ad9 View commit details
    Browse the repository at this point in the history

  3. v4.0.3

    @k0kubun
    k0kubun committed Apr 21, 2026
    Configuration menu
    Copy the full SHA
    85ddef2 View commit details
    Browse the repository at this point in the history
Loading