Ruby | A programmer's Best Friend
Ruby is a language of careful balance. Its creator, Yukihiro "Matz" Matsumoto, blended parts of his favorite languages (Perl, Smalltalk, Eiffel, Ada, and Lisp) to form a new language that balanced functional programming with imperative programming.
1w ago
Ruby 3.3.5 has been released.
This is a routine update that includes minor bug fixes. We recommend upgrading your Ruby version at your earliest convenience. For more details, please refer to the GitHub release notes.
Release Schedule
As previously announced, we intend to release the latest stable Ruby version (currently Ruby 3.3) every 2 months following a .1 release.
We expect to release Ruby 3.3.6 on November 5th and Ruby 3.3.7 on January 7th. If any significant changes arise that impact a large number of users, we may release a new version earlier than scheduled.
Download
https://cache.ru…
2w ago
There is a DoS vulnerability in the REXML gem. This vulnerability has been assigned the CVE identifier CVE-2024-43398. We strongly recommend upgrading the REXML gem.
Details
The issue occurs when parsing an XML document that has many deep elements with the same local name attributes.
Only the tree parser API is affected: if you're using REXML::Document.new to parse XML, you may be affected.
Please update the REXML gem to version 3.3.6 or later.
Affected versions
REXML gem 3.3.5 or prior
Credits
Thanks to l33thaxor for discovering this issue.
History
Originally published at 2024-08-22 03:00:00 (UTC)
Posted by kou
1M ago
There are some DoS vulnerabilities in the REXML gem. These vulnerabilities have been assigned the CVE identifier CVE-2024-41123. We strongly recommend upgrading the REXML gem.
Details
When parsing an XML document that has many specific characters such as whitespace characters, >] and ]>, the REXML gem may take a long time.
Please update the REXML gem to version 3.3.3 or later.
Affected versions
REXML gem 3.3.2 or prior
Credits
Thanks to mprogrammer and scyoon for discovering these issues.
History
Originally published at 2024-08-01 03:00:00 (UTC)
Posted by kou on 1 Aug 2024
1M ago
There is a DoS vulnerability in the REXML gem. This vulnerability has been assigned the CVE identifier CVE-2024-41946. We strongly recommend upgrading the REXML gem.
Details
When parsing an XML document that has many entity expansions with the SAX2 or pull parser API, the REXML gem may take a long time.
Please update the REXML gem to version 3.3.3 or later.
Affected versions
REXML gem 3.3.2 or prior
Credits
Thanks to NAITOH Jun for discovering and fixing this issue.
History
Originally published at 2024-08-01 03:00:00 (UTC)
Posted by kou on 1 Aug 2024
1M ago
Ruby 3.2.5 has been released.
This release includes many bug fixes. We also updated the version of the bundled rexml gem to include the following security fix: CVE-2024-39908: DoS in REXML.
Please see the GitHub releases for further details.
Download
https://cache.ruby-lang.org/pub/ruby/3.2/ruby-3.2.5.tar.gz
SIZE: 20619047
SHA1: e5166c947a4d9057b1310710a2a963df12264ac9
SHA256: ef0610b498f60fb5cfd77b51adb3c10f4ca8ed9a17cb87c61e5bea314ac34a16
SHA512: d86c0151fabf21b418b007465e3f5b3fd0b2de0a9652057fd465b1f7e91b01d00f83a737e972ea994a5d9231e8cb27e64e576852390fe6c2ad502f0d099fe5f4
https://cache.ru…
2M ago
There is a DoS vulnerability in the REXML gem. This vulnerability has been assigned the CVE identifier CVE-2024-39908. We strongly recommend upgrading the REXML gem.
Details
When parsing an XML document that has many specific characters such as <, 0 and %>, the REXML gem may take a long time.
Please update the REXML gem to version 3.3.2 or later.
Affected versions
REXML gem 3.3.1 or prior
Credits
Thanks to mprogrammer for discovering this issue.
History
Originally published at 2024-07-16 03:00:00 (UTC)
Posted by watson1978 on 16 Jul 2024
2M ago
Ruby 3.3.4 has been released.
This release fixes a regression in Ruby 3.3.3 where dependencies were missing from the gemspec of some bundled gems: net-pop, net-ftp, net-imap, and prime [Bug #20581]. The fix allows Bundler to successfully install those gems on platforms like Heroku. If your bundle install runs correctly now, you may not have this issue.
Other changes are mostly minor bug fixes. Please see the GitHub releases for further details.
Release Schedule
Going forward, we intend to release the latest stable Ruby version (currently Ruby 3.3) every 2 months after a .1 release. For Ruby 3.3, 3…
3M ago
Ruby 3.3.3 has been released.
This release includes:
RubyGems 3.5.11
Bundler 2.5.11
REXML 3.2.8
strscan 3.0.9
--dump=prism_parsetree is replaced by --parser=prism --dump=parsetree
Invalid encoding symbols raise SyntaxError instead of EncodingError
Memory leak fix in Ripper parsing
Bugfixes for YJIT, **{}, Ripper.tokenize, RubyVM::InstructionSequence#to_binary, --with-gmp, and some build environments
Please see the GitHub releases for further details.
Download
https://cache.ruby-lang.org/pub/ruby/3.3/ruby-3.3.3.tar.gz
SIZE: 22105219
SHA1: b71971b141ee2325d99046a02291940fcca9830c
SHA256: 8…
3M ago
Ruby 3.3.2 has been released.
This release includes many bug-fixes. See the GitHub releases for further details.
Download
https://cache.ruby-lang.org/pub/ruby/3.3/ruby-3.3.2.tar.gz
SIZE: 22095824
SHA1: b49719ef383c581008c1fd3b68690f874f78557b
SHA256: 3be1d100ebf2a0ce60c2cd8d22cd9db4d64b3e04a1943be2c4ff7b520f2bcb5b
SHA512: a15ba8d6c2830fcd1f2b36f671acf9028c303ec78608fd268da0585db8e95ddd971666e8029bcfa2584da2184a6534e1f2f2da07fa7ca4494e8d842eed206f00
https://cache.ruby-lang.org/pub/ruby/3.3/ruby-3.3.2.tar.xz
SIZE: 16349500
SHA1: 5c9f7d5cf55d9e45b24c613014cbe2b605de009d
SHA256: b5e8a8ed4…
3M ago
We are excited to announce that Ruby’s official website, ruby-lang.org, has adopted Datadog for monitoring, through Datadog's OSS community support.
This allows us to effectively monitor the performance and availability of the site in real time for Ruby users. The key benefits of using Datadog include the following.
CDN Visibility
cache.ruby-lang.org, provided by Fastly, is the most important infrastructure of the Ruby ecosystem. Datadog enables monitoring of Content Delivery Network (CDN) performance. It tracks cache coverage and error rate, enhancing the user experience.
Unified Data Visualization
We have various…