Register | Log in

ruby-json

JSON library for Ruby

Choose email to subscribe with

general

source: ruby-json (main)
version: 2.19.2+dfsg-1
maintainer: Debian Ruby Team (archive) (DMD)
uploaders: Lucas Nussbaum [DMD] – Cédric Boutillier [DMD] – Lucas Kanashiro [DMD] – Utkarsh Gupta [DMD]
arch: any
std-ver: 4.7.3
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.3.0+dfsg-1
oldstable: 2.6.3+dfsg-1
stable: 2.9.1+dfsg-1
testing: 2.19.1+dfsg-1
unstable: 2.19.2+dfsg-1

versioned links

2.3.0+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.6.3+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.9.1+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.19.1+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.19.2+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

ruby-json

action needed

debian/patches: 1 patch with invalid metadata, 1 patch to forward upstream high

Among the 2 debian patches available in version 2.19.2+dfsg-1 of the package, we noticed the following issues:

1 patch with invalid metadata that ought to be fixed.
1 patch where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2026-03-24 11:00

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2026-33210: Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allow_duplicate_key: false parsing option is used to parse user supplied documents. This issue has been patched in versions 2.15.2.1, 2.17.1.2, and 2.19.2.

Created: 2026-03-21 Last update: 2026-03-24 08:31

testing migrations

excuses:
- Migration status for ruby-json (2.19.1+dfsg-1 to 2.19.2+dfsg-1): Waiting for test results or another package, or too young (no action required now - check later)
- Issues preventing migration:
- ∙ ∙ Lintian check waiting for test results - info
- ∙ ∙ Too young, only 0 of 2 days old
- Additional info (not blocking):
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/r/ruby-json.html
- ∙ ∙ Autopkgtest for ruby-json/2.19.2+dfsg-1: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Pass, riscv64: Pass, s390x: Pass
- ∙ ∙ Reproduced on amd64
- ∙ ∙ Reproducibility check waiting for results on arm64
- ∙ ∙ Reproduced on armhf
- ∙ ∙ Reproducibility check waiting for results on i386
- ∙ ∙ Reproducibility check waiting for results on ppc64el
- ∙ ∙ Required age reduced by 3 days because of autopkgtest
- Not considered

news

[2026-03-23] Accepted ruby-json 2.19.2+dfsg-1 (source) into unstable (Simon Quigley)
[2026-03-14] ruby-json 2.19.1+dfsg-1 MIGRATED to testing (Debian testing watch)
[2026-03-10] Accepted ruby-json 2.19.1+dfsg-1 (source) into unstable (Simon Quigley)
[2026-02-20] ruby-json 2.18.1+dfsg-1 MIGRATED to testing (Debian testing watch)
[2026-02-09] Accepted ruby-json 2.18.1+dfsg-1 (source) into unstable (Simon Quigley)
[2025-11-02] ruby-json 2.15.2+dfsg-1 MIGRATED to testing (Debian testing watch)
[2025-10-30] Accepted ruby-json 2.15.2+dfsg-1 (source) into unstable (Simon Quigley)
[2025-02-06] ruby-json 2.9.1+dfsg-1 MIGRATED to testing (Debian testing watch)
[2025-02-04] Accepted ruby-json 2.9.1+dfsg-1 (source) into unstable (Lucas Nussbaum)
[2025-02-01] ruby-json 2.7.6+dfsg-1 MIGRATED to testing (Debian testing watch)
[2025-01-29] Accepted ruby-json 2.7.6+dfsg-1 (source) into unstable (Lucas Nussbaum)
[2024-05-10] ruby-json 2.7.2+dfsg-1 MIGRATED to testing (Debian testing watch)
[2024-05-06] Accepted ruby-json 2.7.2+dfsg-1 (source) into unstable (Lucas Nussbaum)
[2022-12-29] ruby-json 2.6.3+dfsg-1 MIGRATED to testing (Debian testing watch)
[2022-12-29] ruby-json 2.6.3+dfsg-1 MIGRATED to testing (Debian testing watch)
[2022-12-26] Accepted ruby-json 2.6.3+dfsg-1 (source) into unstable (Lucas Nussbaum)
[2022-11-14] ruby-json 2.6.2+dfsg-1 MIGRATED to testing (Debian testing watch)
[2022-11-10] Accepted ruby-json 2.6.2+dfsg-1 (source) into unstable (Lucas Kanashiro)
[2021-11-01] ruby-json 2.5.1+dfsg-2 MIGRATED to testing (Debian testing watch)
[2021-10-30] Accepted ruby-json 2.5.1+dfsg-2 (source) into unstable (Sergio Durigan Junior)
[2021-09-22] ruby-json 2.5.1+dfsg-1 MIGRATED to testing (Debian testing watch)
[2021-09-13] Accepted ruby-json 2.5.1+dfsg-1 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2020-06-15] Accepted ruby-json 2.0.1+dfsg-3+deb9u1 (source amd64) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Utkarsh Gupta)
[2020-06-13] Accepted ruby-json 2.1.0+dfsg-2+deb10u1 (source amd64) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Utkarsh Gupta)
[2020-05-27] Accepted ruby-json 2.3.0+dfsg-1~bpo10+1 (source amd64) into buster-backports, buster-backports (Debian FTP Masters) (signed by: Praveen Arimbrathodiyil)
[2020-04-27] Accepted ruby-json 1.8.1-1+deb8u1 (source amd64) into oldoldstable (Utkarsh Gupta)
[2020-02-09] ruby-json 2.3.0+dfsg-1 MIGRATED to testing (Debian testing watch)
[2020-02-05] Accepted ruby-json 2.3.0+dfsg-1 (source) into unstable (Utkarsh Gupta)
[2018-03-03] ruby-json 2.1.0+dfsg-2 MIGRATED to testing (Debian testing watch)
[2018-02-25] Accepted ruby-json 2.1.0+dfsg-2 (source) into unstable (Antonio Terceiro)

1
2

bugs [bug history graph]

all: 2
RC: 0
I&N: 1
M&W: 1
F&P: 0
patch: 0

links

homepage
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.18.1+dfsg-1
1 bug

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing