Is Ruby 2.6.10 patched?
Current stable (4.0.5): 100/100
2.6.10 has 1 open critical-or-high vulnerability. Run 2.7.7 or later to clear it. See what 2.7.7 fixes →
Summary iPlain-English security status for Ruby 2.6.10, built from its CVEs, active-exploitation data, end-of-life date and latest release.
Ruby 2.6.10 is part of the 2.6 release line. 2 known vulnerabilities affect it. The minimum safe version is 2.7.7 — upgrade to it or later to clear the open critical/high issues. The 2.6 line reached end-of-life on 2022-03-31, so it no longer receives security patches. The latest supported Ruby release is 4.0.5.
Known issues affecting 2.6.10
Exploited first, then by exploitation probability.
CVE-2021-28966 HIGH EPSS 58% → fixed in 3.0.1 CVE-2023-28756 MEDIUM EPSS 2% → see advisoryOther Ruby versions
Check another release line of Ruby.
Frequently asked
Is Ruby 2.6.10 patched?
Ruby 2.6.10 is end-of-life and no longer receives security patches. Move to 4.0.5.
What version should I upgrade Ruby 2.6.10 to?
Upgrade Ruby 2.6.10 to at least 2.7.7 to clear its 1 open critical-or-high vulnerability.
When does Ruby 2.6 reach end-of-life?
Ruby 2.6 reached end-of-life on 2022-03-31 and no longer receives security patches.
What is the latest version of Ruby?
The latest supported Ruby release is 4.0.5.
Is Ruby 2.6.10 still receiving security updates?
No — Ruby 2.6.10 is on the 2.6 line, which reached end-of-life on 2022-03-31 and no longer receives security updates. Upgrade to 4.0.5 or later to stay supported.
Informational only, from public data (NVD · CISA KEV · EPSS · endoflife.date), and can lag or miss vendor-specific fixes. Always confirm against Ruby's official advisory before you patch or upgrade — Ruby official site ↗