From 5627d71606b565641d2dd501b82aae862f4abe90 Mon Sep 17 00:00:00 2001
From: Jean Boussier
Date: Fri, 5 Jun 2026 08:37:03 +0200
Subject: [PATCH 1/3] _msgpack_buffer_shift_chunk: reset rmem pointers when fully empty
Co-Authored-By: Pranjali Thakur
---
 ext/msgpack/buffer.c | 3 +++
 spec/cruby/buffer_spec.rb | 15 +++++++++++++++
 2 files changed, 18 insertions(+)
diff --git a/ext/msgpack/buffer.c b/ext/msgpack/buffer.c
index d1583702..f6a037ff 100644
--- a/ext/msgpack/buffer.c
+++ b/ext/msgpack/buffer.c
@@ -134,6 +134,9 @@ bool _msgpack_buffer_shift_chunk(msgpack_buffer_t* b)
 * because head should be always available */
 b->tail_buffer_end = NULL;
 b->read_buffer = NULL;
+ b->rmem_end = NULL;
+ b->rmem_last = NULL;
+ b->rmem_owner = NULL;
 return false;
 }
diff --git a/spec/cruby/buffer_spec.rb b/spec/cruby/buffer_spec.rb
index 3ee0188e..4c7f554a 100644
--- a/spec/cruby/buffer_spec.rb
+++ b/spec/cruby/buffer_spec.rb
@@ -605,4 +605,19 @@
 GC.stress = stress
 end
 end
+
+ it "properly reset the arenas" do
+ b1 = MessagePack::Buffer.new(nil, write_reference_threshold: 256)
+ b1.write('M' * 1000)
+ b1.write('A' * 200)
+ b1.write('N' * 1000)
+ b1.clear
+ b1.write('C' * 128)
+
+ secret = ('_' * 200) + ('ABCD' * 32) + ('_' * 400)
+ b2 = MessagePack::Buffer.new(nil, write_reference_threshold: 4096)
+ b2.write(secret)
+
+ expect(b1.read_all).to eq(('C' * 128).b)
+ end
 end
From 9cfd2ab6e18e9617908fea915292fe9cab751a35 Mon Sep 17 00:00:00 2001
From: Jean Boussier
Date: Tue, 9 Jun 2026 09:44:58 +0200
Subject: [PATCH 2/3] Stop testing ruby 2.5 on macOS setup-ruby no longer supports it.
---
 .github/workflows/ci.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index ae0bbe41..b2cbd5e8 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
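Review bot: In the `ext/msgpack/buffer.c` hunk, the three added `rmem_*` resets have no comment explaining why they belong in the fully-empty branch, although that reason is the security-relevant part of the fix. Going by the ChangeLog entry in patch 3/3, pointers left set here would still refer to memory that has been handed back to the pool, so a later write on this buffer could share a region with another buffer; a comment above the block such as `/* chunk memory went back to the pool: forget the cached rmem pointers so the next write allocates afresh */` would record that. Whether other paths that release the last chunk leave `rmem_end`, `rmem_last` and `rmem_owner` in the same state cannot be judged from here, since the function begins and ends outside the hunk, and is worth checking before release.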
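Review bot: In the `spec/cruby/buffer_spec.rb` hunk, the new example checks only `b1`, so it says nothing about whether `b2` still holds what was written to it; adding `expect(b2.read_all).to eq(secret.b)` after the existing expectation would cover both buffers. The write sizes and the two `write_reference_threshold` values appear to be chosen to hit particular internal chunk sizes (an inference, the constants are not visible here), so a comment such as `# regression: memory released by b1.clear must not be shared with b2` and a word on why these sizes matter would keep the spec from silently losing its purpose if those constants change. The description would read better as `"properly resets the arenas"`.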
@@ -18,7 +18,7 @@ jobs:
 ruby: ['2.5', '2.6', '2.7', '3.0', '3.1', '3.2', '3.3', '3.4', '3.5', '4.0']
 include:
 - os: macos-latest
- ruby: '2.5'
+ ruby: '2.6'
 - os: macos-latest
 ruby: '3.2'
 - os: windows-latest
From 09c914d75f296d6edb9fadb65b9ad614eb0bbfc7 Mon Sep 17 00:00:00 2001
From: Jean Boussier
Date: Tue, 9 Jun 2026 09:54:48 +0200
Subject: [PATCH 3/3] Release 1.8.2
---
 ChangeLog | 6 ++++++
 lib/msgpack/version.rb | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 78021ac7..86bdab8b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2026-06-09 1.8.2
+
+* Fix `Buffer#clear` to properly reset memory chunks before adding them back to the pool.
+ This could have caused data to leak across buffers when using the MessagePack::Buffer API
+ directly. [CVE-PENDING].
+
 2026-05-28 1.8.1
 * Workaround rare compilation issue when `rb_hash_new_capa` isn't properly detected.
diff --git a/lib/msgpack/version.rb b/lib/msgpack/version.rb
index 511b15e7..f1542889 100644
--- a/lib/msgpack/version.rb
+++ b/lib/msgpack/version.rb
@@ -1,5 +1,5 @@
 module MessagePack
- VERSION = "1.8.1"
+ VERSION = "1.8.2"
 # Note for maintainers:
 # Don't miss building/releasing the JRuby version (rake buld:java)
 # See "How to build -java rubygems" in README for more details.