Reporting Security Issues

We work hard to provide a secure environment for running your code. If you find a security issue, please email security@rubinius.com. Encrypt your email using our public key (also available on our website or from the MIT PGP database).

Our policy is to respond to you within 72 hours and we will work with you to create a fix for the issue. Sending an email to security@rubinius.com will not result in a public disclosure. We will work with you on a public disclosure after we have prepared a fix.

For security issues with the standard libraries that are copied from Ruby, please report them directly to that project. We are notified as part of their reporting procedures and we ensure that Rubinius is patched in the cases when those vulnerabilities affect Rubinius as well.