A new Ruby blog post/announcement has been posted!
Get the full details here: CVE-2021-28965: XML round-trip vulnerability in REXML