Ruby 3.4.9 Released
Ruby 3.4.9 has been released. This release includes an update to the zlib gem addressing CVE-2026-27820 , along with other bug fixes. Please see the GitHub releases for further details. We recommend updating your version of the zlib gem. This release has been made for the convenience of those who wish to continue using it as a default gem. Download https://cache.ruby-lang.org/pub/ruby/3.4/ruby-3.4.9.tar.gz SIZE: 22456968 SHA1: 6386200753caf4e336dafceeee165fa73fd234ec SHA256: 7bb4d4f5e807cc27251d14d9d6086d182c5b25875191e44ab15b709cd7a7dd9c SHA512: ac7147c0e575cf74f669abb991ee8695d4191c919f306f124b3ee85d6b61361e752a4f1afb7bdffb49aee21edace1fcc9bf2b074ada15fa6c1eb611354c1d54b https://cache.ruby-lang.org/pub/ruby/3.4/ruby-3.4.9.tar.xz SIZE: 16682004 SHA1: 1eb1b0b45b9e9191de9d2f360164e60eedf77012 SHA256: 4231c54072601a171faed1699f105985e9971c94cd382b78feb4eb44eec2dd1a SHA512: 356fb47cc56f2d25198cb95253fc20ff7d9a6fd1fa53bc475e5c440012aebe27562537c399d271357235114ade263fd625029b66cb0f9b526f9c04f169fb9580 https://cache.ruby-lang.org/pub/ruby/3.4/ruby-3.4.9.zip SIZE: 27645906 SHA1: 8c4312fe946c7eaa269e5c7cee90f3b7350235b5 SHA256: a4dd555fddefcdd4a58d2169a568f5887b125edbbda2815ea826ca1833dc41ec SHA512: 1c6cc4d03edb071f79f9ae41d43defa8393b467d30000e89ee872c6fe99bde015421cb1dd3ecfd5f0359c1c095b60833a95cd5f6c4397358f8ed98eace8720e2 Release Comment Many committers, developers, and users who provided bug reports helped us make this release. Thanks for their contributions. Posted by nagachika on 11 Mar 2026
Ruby 3.4.9 Released
The Ruby community has announced the release of Ruby 3.4.9, a minor update to the Ruby 3.4 series. This version focuses on addressing critical security vulnerabilities and improving the overall stability of the language. The release was made available on March 11, 2026, and is primarily intended for users who continue to rely on the Ruby 3.4 branch as their default Ruby version.
The most significant update in Ruby 3.4.9 is the inclusion of a patch for CVE-2026-27820, a vulnerability in the zlib gem that could potentially allow remote code execution. This update is crucial for organizations and developers who have not yet migrated to newer Ruby versions and require the use of Ruby 3.4. The zlib gem is a widely used library for data compression and decompression, making this security fix particularly important for applications that rely on these functionalities.
In addition to the zlib vulnerability patch, Ruby 3.4.9 also includes a number of bug fixes that address various issues reported by the Ruby community. These fixes range from minor performance improvements to resolving compatibility issues with certain gems and libraries. The release notes, available on the GitHub Ruby repository, provide a detailed list of all the changes and improvements included in this version.
To download Ruby 3.4.9, users can access the release files from the official Ruby language website. The release is available in three formats: a tarball (.tar.gz), a xz-compressed tarball (.tar.xz), and a zip archive (.zip). Each file includes the complete source code for Ruby 3.4.9, along with the necessary documentation and installation instructions.
The Ruby development team has emphasized the importance of updating to the latest version of the zlib gem, particularly for those still using Ruby 3.4. They recommend that users who have not yet migrated to a newer Ruby version should apply this update as soon as possible to mitigate the risk associated with the CVE-2026-27820 vulnerability.
Ruby 3.4.9 marks the continuation of the Ruby 3.4 series, which was initially released in 2017. While newer Ruby versions, such as Ruby 3.6 and Ruby 3.0, have been available for several years, some users and organizations continue to rely on the stability and compatibility of the Ruby 3.4 branch. This release underscores the Ruby community's commitment to providing security updates and bug fixes for older versions, even as the community moves forward with newer releases.
The Ruby development team acknowledges the contributions of numerous committers, developers, and users who have reported bugs and provided feedback that helped shape this release. Their efforts have been instrumental in ensuring the quality and reliability of Ruby 3.4.9. As with all Ruby releases, the community encourages users to test the new version in their environments to ensure compatibility with their applications before deploying it in production.
In conclusion, the release of Ruby 3.4.9 is a significant update for users who remain on the Ruby 3.4 branch. The inclusion of a critical security patch for the zlib gem, along with other bug fixes, makes this version an essential update for maintaining the security and stability of Ruby 3.4-based applications. Users are advised to download and install the latest version of Ruby 3.4.9 to benefit from these improvements and mitigate the risks associated with the identified vulnerability.
