Mohamedhafez

**Name of the Vulnerable Software and Affected Versions** JRuby-OpenSSL versions 0.12.1 through 0.15.3 JRuby versions 9.3.4.0 through 9.4.12.0 JRuby version 10.0.0.0 **Description** The issue concerns the verification of SSL certificates. When verifying these certificates, the hostname presented in the certificate is not checked to ensure it matches the one the user is trying to connect to. This could allow a man-in-the-middle to present any valid certificate for a different domain they own, which would be accepted. This affects users who rely on JRuby to make requests to external APIs or scrape the web securely using https. **Recommendations** For JRuby-OpenSSL versions 0.12.1 through 0.15.3, update to version 0.15.4. For JRuby versions 9.3.4.0 through 9.4.12.0, update to version 9.4.12.1. For JRuby version 10.0.0.0, update to version 10.0.0.1.