Merge branch 'master' into to-ruby-from-javascript-2767

Author: HundredBillion

_data/downloads.yml

@@ -8,7 +8,7 @@ preview:
 
 stable:
 
-  - 3.4.6
+  - 3.4.7
   - 3.3.9
   - 3.2.9
 

_data/releases.yml

@@ -52,6 +52,30 @@
 
 # 3.4 series
 
+- version: 3.4.7
+  date: 2025-10-07
+  post: /en/news/2025/10/07/ruby-3-4-7-released/
+  url:
+    gz:  https://cache.ruby-lang.org/pub/ruby/3.4/ruby-3.4.7.tar.gz
+    zip: https://cache.ruby-lang.org/pub/ruby/3.4/ruby-3.4.7.zip
+    xz:  https://cache.ruby-lang.org/pub/ruby/3.4/ruby-3.4.7.tar.xz
+  size:
+    gz:  23271433
+    zip: 28455721
+    xz:  17312044
+  sha1:
+    gz:  eabc902f52d1580e63108bf5f5fe3f646d855e74
+    zip: 4cad16704d1031cba7395619111f0291ece50605
+    xz:  a07f568bda581a4b4f23c6fe91e1cef44e71f8f8
+  sha256:
+    gz:  23815a6d095696f7919090fdc3e2f9459b2c83d57224b2e446ce1f5f7333ef36
+    zip: 0b250054d4330198bd98bcc30852e59a66d546d84ef1d347e05419bede537aef
+    xz:  db425a86f6e07546957578f4946cc700a91e7fd51115a86c56e096f30e0530c7
+  sha512:
+    gz:  7c9b807aa794a19377b0048da0e94869bf57905cf68d4f30b959aefb9f67834a51e06a23c9eee858e7f90938dbc38a5072bc946df502a6bcf86bf198ae061e22
+    zip: 3bf68557df908e51532f0b168c1d4cea335e20d38f7ad3b9fc80d747e0ce35391c78881df69b2f2eb0d4681a773d1c29cea717791a75e524793d6ed1ec7d2f8d
+    xz:  a6b99a2f1d0115d5e7efa710da440b9066c524c335928367c80852630f8db5da36c0a82d6e7ace90e8c40cb20c6097cbdca15a51c343254cadf5f0adf60f8505
+
 - version: 3.4.6
   date: 2025-09-16
   post: /en/news/2025/09/16/ruby-3-4-6-released/

bg/about/index.md

@@ -208,7 +208,7 @@ Ruby притежава множество други черти, като ня
 [artima]: http://www.artima.com/intv/closures2.html
 [tiobe]: http://www.tiobe.com/index.php/content/paperinfo/tpci/index.html
 [jruby]: http://jruby.org
-[rubinius]: http://rubini.us
+[rubinius]: https://rubinius.com
 [mruby]: http://www.mruby.org/
 [ironruby]: http://www.ironruby.net
 [maglev]: http://maglev.github.io

de/about/index.md

@@ -242,7 +242,7 @@ November 2001.
 [artima]: http://www.artima.com/intv/closures2.html
 [tiobe]: http://www.tiobe.com/index.php/content/paperinfo/tpci/index.html
 [jruby]: http://jruby.org
-[rubinius]: http://rubini.us
+[rubinius]: https://rubinius.com
 [mruby]: http://www.mruby.org/
 [ironruby]: http://www.ironruby.net
 [maglev]: http://maglev.github.io

en/about/index.md

@@ -230,7 +230,7 @@ For a more complete list, see [Awesome Rubies][awesome-rubies].
 [artima]: http://www.artima.com/intv/closures2.html
 [tiobe]: http://www.tiobe.com/index.php/content/paperinfo/tpci/index.html
 [jruby]: http://jruby.org
-[rubinius]: http://rubini.us
+[rubinius]: https://rubinius.com
 [truffleruby]: https://github.com/oracle/truffleruby
 [mruby]: http://www.mruby.org/
 [ironruby]: http://www.ironruby.net

en/news/_posts/2025-10-07-ruby-3-4-7-released.md

@@ -0,0 +1,52 @@
+---
+layout: news_post
+title: "Ruby 3.4.7 Released"
+author: k0kubun
+translator:
+date: 2025-10-07 17:14:11 +0000
+lang: en
+---
+
+Ruby 3.4.7 has been released.
+
+This release includes [an update to the uri gem addressing CVE-2025-61594](https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/),
+along with other bug fixes. Please refer to [the release notes on GitHub](https://github.com/ruby/ruby/releases/tag/v3_4_7) for further details.
+
+We recommend updating your version of the uri gem. This release has been made for the convenience of those who wish to continue using it as a default gem.
+
+## Release Schedule
+
+We intend to release the latest stable Ruby version (currently Ruby 3.4) every two months following the most recent release.
+Ruby 3.4.8 is scheduled for December and 3.4.9 for February.
+
+If a change arises that significantly affects users, a release may occur earlier than planned, and the subsequent schedule may shift accordingly.
+
+## Download
+
+{% assign release = site.data.releases | where: "version", "3.4.7" | first %}
+
+* <{{ release.url.gz }}>
+
+      SIZE: {{ release.size.gz }}
+      SHA1: {{ release.sha1.gz }}
+      SHA256: {{ release.sha256.gz }}
+      SHA512: {{ release.sha512.gz }}
+
+* <{{ release.url.xz }}>
+
+      SIZE: {{ release.size.xz }}
+      SHA1: {{ release.sha1.xz }}
+      SHA256: {{ release.sha256.xz }}
+      SHA512: {{ release.sha512.xz }}
+
+* <{{ release.url.zip }}>
+
+      SIZE: {{ release.size.zip }}
+      SHA1: {{ release.sha1.zip }}
+      SHA256: {{ release.sha256.zip }}
+      SHA512: {{ release.sha512.zip }}
+
+## Release Comment
+
+Many committers, developers, and users who provided bug reports helped us make this release.
+Thanks for their contributions.

en/news/_posts/2025-10-07-uri-cve-2025-61594.md

@@ -0,0 +1,35 @@
+---
+layout: news_post
+title: "CVE-2025-61594: URI Credential Leakage Bypass previous fixes"
+author: "hsbt"
+translator:
+date: 2025-10-07 00:00:00 +0000
+tags: security
+lang: en
+---
+
+We published security advisory for CVE-2025-61594.
+
+## CVE-2025-61594: URI Credential Leakage Bypass over CVE-2025-27221
+
+In affected URI version, a bypass exists for the fix to CVE-2025-27221 that can expose user credentials.
+
+This vulnerability has been assigned the CVE identifier [CVE-2025-61594](https://www.cve.org/CVERecord?id=CVE-2025-61594). We recommend upgrading the uri gem.
+
+### Details
+
+When using the `+` operator to combine URIs, sensitive information like passwords from the original URI can be leaked, violating RFC3986 and making applications vulnerable to credential exposure.
+
+Please update URI gem to version 0.12.5, 0.13.3, 1.0.4 or later.
+
+### Affected versions
+
+* uri gem versions < 0.12.5, 0.13.0 to 0.13.2 and 1.0.0 to 1.0.3.
+
+### Credits
+
+Thanks to [junfuchong (chongfujun)](https://hackerone.com/chongfujun) for discovering this issue. Also thanks to [nobu](https://github.com/nobu) for additional fixes of this vulnerability.
+
+## History
+
+* Originally published at 2025-10-07 0:00:00 (UTC)

en/news/_posts/2025-10-17-rubygems-repository-transition.md

@@ -0,0 +1,32 @@
+---
+layout: news_post
+title: "The Transition of RubyGems Repository Ownership"
+author: "matz"
+translator:
+date: 2025-10-17 12:00:00 +0000
+tags:
+lang: en
+---
+
+Dear Ruby community,
+
+RubyGems and Bundler are essential official clients for rubygems.org and the Ruby ecosystem, bundled with the Ruby language for many years and functioning as part of the standard library.
+
+Despite this crucial role, RubyGems and Bundler have historically been developed outside the Ruby organization on GitHub, unlike other major components of the Ruby ecosystem.
+
+To provide the community with long-term stability and continuity, the Ruby core team, led by Matz, has decided to assume stewardship of these projects from Ruby Central. We will continue their development in close collaboration with Ruby Central and the broader community.
+
+We want to emphasize the following important points:
+
+* Repository ownership will transition to the Ruby core team to ensure long-term stability and alignment with the broader Ruby ecosystem. It will continue being managed by Ruby Central, now jointly with the Ruby core team.
+* RubyGems and Bundler will remain open source under their current licenses, with no changes to licensing terms.
+* All existing contributors retain full copyright and authorship of their code contributions. This transition does not affect any contributor's intellectual property rights.
+* The collaborative, community-driven development process will continue as before, and we welcome contributions from all community members.
+
+This transition represents our commitment to ensuring the continued health, stability, and growth of the Ruby ecosystem for years to come. We are grateful to Ruby Central for their years of dedicated stewardship, and we look forward to working together with all members of the Ruby community to build an even brighter future for Ruby.
+
+Thank you for your continued support and contributions.
+
+Sincerely,
+
+Yukihiro Matsumoto, a.k.a. Matz

es/about/index.md

@@ -230,7 +230,7 @@ del 2003.
 [artima]: http://www.artima.com/intv/closures2.html
 [tiobe]: http://www.tiobe.com/index.php/content/paperinfo/tpci/index.html
 [jruby]: http://jruby.org
-[rubinius]: http://rubini.us
+[rubinius]: https://rubinius.com
 [truffleruby]: https://github.com/oracle/truffleruby
 [mruby]: http://www.mruby.org/
 [ironruby]: http://www.ironruby.net

fr/about/index.md

@@ -4,11 +4,10 @@ title: "À propos de Ruby"
 lang: fr
 ---
 
-Indéniablement, Ruby devient de plus en plus populaire. Les « rubyistes
-» qualifient ce langage d’élégant, voire lui prêtent des qualités
-artistiques ; ils soulignent dans le même temps qu’il est pratique à
-utiliser et facile d’accès. Mais tout ça est très éthéré, qu’en est-il
-concrètement parlant ?
+Vous vous demandez pourquoi Ruby est si populaire ?
+Ses fans qualifient ce langage d’élégant, voire lui prêtent des qualités artistiques.
+Et pourtant, ils le décrivent également comme étant pratique et fonctionnel.
+Mais qu'en est-il concrètement ?
 {: .summary}
 
 ### Ruby, une conceptualisation personnelle