I just saw on the Codegear Ruby newsgroups that a vulnerability on the net/https
library was reported. Basically the library doesn’t validate the server certificate
CN (Common Name).

You can read the details here:


Patches have been done for Ruby to accommodate this and you can download them from here: