diff --git a/_data/downloads.yml b/_data/downloads.yml
index 0c156e797f..6ab158f4b8 100644
--- a/_data/downloads.yml
+++ b/_data/downloads.yml
@@ -7,7 +7,7 @@ preview:
 stable:
- - 4.0.4
+ - 4.0.5
 - 3.4.9
 - 3.3.11
 - 3.2.11
diff --git a/_data/releases.yml b/_data/releases.yml
index 81c17918b1..0a6d9359bf 100644
--- a/_data/releases.yml
+++ b/_data/releases.yml
@@ -21,6 +21,30 @@
 # 4.0 series
+- version: 4.0.5
+ date: 2026-05-20
+ post: /en/news/2026/05/20/ruby-4-0-5-released/
+ url:
+ gz: https://cache.ruby-lang.org/pub/ruby/4.0/ruby-4.0.5.tar.gz
+ zip: https://cache.ruby-lang.org/pub/ruby/4.0/ruby-4.0.5.zip
+ xz: https://cache.ruby-lang.org/pub/ruby/4.0/ruby-4.0.5.tar.xz
+ size:
+ gz: 23818557
+ zip: 29122529
+ xz: 17893756
+ sha1:
+ gz: efa77332e323c15a86e1a25a3ae53bd21972672c
+ zip: cda48124428ae33497f191bb676c8022615ab91e
+ xz: 58216f1858feed4e2dbd2719a0a7ae807563b428
+ sha256:
+ gz: 7d6149079a63f8ae1d326c9fa65c6019ba2dc3155eae7b39159817911c88958e
+ zip: 605f8b22e12f5cfc3f4a48850a7fe7dc9b010002d2c994d7508f38c63d2c0ff8
+ xz: 5dc5521ea54c726e6cc10b1b5a0f4004b27b482e61c04c99aed79315e30895e5
+ sha512:
+ gz: ce50c8dda1479f5a84771df37cdb23f0183bba900494e7492bb90d4b0a3e60ff28b799f3c469977f5f7c1335a6c1f3400a9ca52cd4acfcbed08f016d352943f4
+ zip: c4faaefa386bb33dc4cb3994d740b0c8b4756726351df6cc0850dbd2598f3ba51dcfb38bd61d91f63adf3612bb5f6dbd727446caf9af78f5df36e7d31ecf113a
+ xz: 379d78a6d1af0455df60da46551f43438ad3ee81f83787554fc34cb1c8febb1bd363e3dc1a057b34a69f96526efc308d3dccc4b87d368897c2d1ccf179096463
+
 - version: 4.0.4
 date: 2026-05-11
 post: /en/news/2026/05/11/ruby-4-0-4-released/
diff --git a/en/news/_posts/2026-05-20-getaddrinfo-cve-2026-46727.md b/en/news/_posts/2026-05-20-getaddrinfo-cve-2026-46727.md
new file mode 100644
index 0000000000..0559d2e779
--- /dev/null
+++ b/en/news/_posts/2026-05-20-getaddrinfo-cve-2026-46727.md
@@ -0,0 +1,38 @@
+---
+layout: news_post
+title: "CVE-2026-46727: Use-after-free in pthread-based getaddrinfo timeout handler"
+author: "hsbt"
+translator:
+date: 2026-05-20 00:00:00 +0000
+tags: security
+lang: en
+---
+
+A use-after-free vulnerability has been discovered in the pthread-based `getaddrinfo` timeout handler of Ruby. This vulnerability has been assigned the CVE identifier [CVE-2026-46727](https://www.cve.org/CVERecord?id=CVE-2026-46727). This issue has been fixed in Ruby 4.0.5. We recommend upgrading Ruby.
+
+## Details
+
+A race condition exists in the timeout cancellation path of `rb_getaddrinfo` used by `Addrinfo.getaddrinfo(..., timeout:)` and `Socket.tcp(..., resolv_timeout:)`. A remote attacker who can delay DNS responses near the specified timeout may cause the Ruby process to dereference freed memory and crash.
+
+## Recommended action
+
+Please update to Ruby 4.0.5 or later.
+
+## Workaround
+
+If you cannot upgrade immediately, avoid passing `timeout:` to `Addrinfo.getaddrinfo` and `resolv_timeout:` to `Socket.tcp`.
+
+## Affected versions
+
+* Ruby 4.0.0 through 4.0.4
+* Ruby 4.1.0-dev (master) before the fix
+
+Ruby 3.4 series and earlier are not affected.
+
+## Credits
+
+Thanks to [cantina-security](https://hackerone.com/cantina-security) for discovering this issue. Also thanks to [shioimm](https://github.com/shioimm) for creating the patch.
+
+## History
+
+* Originally published at 2026-05-20 00:00:00 (UTC)
diff --git a/en/news/_posts/2026-05-20-ruby-4-0-5-released.md b/en/news/_posts/2026-05-20-ruby-4-0-5-released.md
new file mode 100644
index 0000000000..891fc3d338
--- /dev/null
+++ b/en/news/_posts/2026-05-20-ruby-4-0-5-released.md
@@ -0,0 +1,52 @@
+---
+layout: news_post
+title: "Ruby 4.0.5 Released"
+author: k0kubun
+translator:
+date: 2026-05-20 00:12:20 +0000
+lang: en
+---
+
+Ruby 4.0.5 has been released.
+
+This release only contains a security fix for
+[CVE-2026-46727: Use-after-free in pthread-based getaddrinfo timeout handler](/en/news/2026/05/20/getaddrinfo-cve-2026-46727/)
+and a build system regression in Ruby 4.0.4 under C locale [[Bug #22065]](https://bugs.ruby-lang.org/issues/22065).
+
+Please see the [GitHub releases](https://github.com/ruby/ruby/releases/tag/v4.0.5) for further details.
+
+## Release Schedule
+
+We intend to release the latest stable Ruby version (currently Ruby 4.0) every two months following the most recent *regular* release. Ruby 4.0.6 will be released in July, 4.0.7 in September, and 4.0.8 in November.
+
+If a change arises that significantly affects users, a release may occur earlier than planned, and the subsequent schedule may shift accordingly.
+
+## Download
+
+{% assign release = site.data.releases | where: "version", "4.0.5" | first %}
+
+* <{{ release.url.gz }}>
+
+ SIZE: {{ release.size.gz }}
+ SHA1: {{ release.sha1.gz }}
+ SHA256: {{ release.sha256.gz }}
+ SHA512: {{ release.sha512.gz }}
+
+* <{{ release.url.xz }}>
+
+ SIZE: {{ release.size.xz }}
+ SHA1: {{ release.sha1.xz }}
+ SHA256: {{ release.sha256.xz }}
+ SHA512: {{ release.sha512.xz }}
+
+* <{{ release.url.zip }}>
+
+ SIZE: {{ release.size.zip }}
+ SHA1: {{ release.sha1.zip }}
+ SHA256: {{ release.sha256.zip }}
+ SHA512: {{ release.sha512.zip }}
+
+## Release Comment
+
+Many committers, developers, and users who provided bug reports helped us make this release.
+Thanks for their contributions.