I just saw on the Codegear Ruby newsgroups that a vulnerability on the net/https
library was reported. Basically the library doesn’t validate the server certificate
CN (Common Name).
You can read the details here:
http://www.isecpartners.com/advisories/2007-006-rubyssl.txt
Patches have been done for Ruby to accommodate this and you can download them from here:
http://www.ruby-lang.org/en/news/2007/10/04/net-https-vulnerability/
