ruby2.7 is vulnerable to Man In the Middle Attack. An attacker may bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a “StartTLS stripping attack.”
github.com/ruby/ruby/commit/a21a3b7d23704a01d34bd79d09dc37897e00922a
hackerone.com/reports/1178562
lists.debian.org/debian-lts-announce/2021/10/msg00009.html
security-tracker.debian.org/tracker/CVE-2021-32066
security.netapp.com/advisory/ntap-20210902-0004/
www.oracle.com/security-alerts/cpuapr2022.html
www.ruby-lang.org/en/news/2021/07/07/starttls-stripping-in-net-imap/