elastic-apm 2.7.0

1 security vulnerability found in version 2.7.0

Elastic APM agent for Ruby vulnerable to Improper Certificate Validation

high severity CVE-2019-7615
high severity CVE-2019-7615
Patched versions: >= 2.9.0

A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the server_ca_cert setting, the Ruby agent would not properly verify the certificate returned by the APM server. This could result in a man in the middle style attack against the Ruby agent.

No officially reported memory leakage issues detected.


This gem version does not have any officially reported memory leaked issues.

No license issues detected.


This gem version has a license in the gemspec.

This gem version is available.


This gem version has not been yanked and is still available for usage.