Ruby | A programmer's Best Friend
Ruby is a language of careful balance. Its creator, Yukihiro "Matz" Matsumoto, blended parts of his favorite languages (Perl, Smalltalk, Eiffel, Ada, and Lisp) to form a new language that balanced functional programming with imperative programming.
1M ago
We have released StringIO gem versions 3.0.1.1 and 3.0.1.2, which contain a security fix for a buffer overread vulnerability. This vulnerability has been assigned the CVE identifier CVE-2024-27280.
Details
An issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4.
The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value.
StringIO 3.0.3 and later, and Ruby 3.2.x and later, are not affected by this vulnerability.
Recommended action
We recommend updating the St…
1M ago
We have released RDoc gem versions 6.3.4.1, 6.4.1.1, 6.5.1.1 and 6.6.3.1, which contain a security fix for an RCE vulnerability. This vulnerability has been assigned the CVE identifier CVE-2024-27281.
Details
An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0.
When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored.
When loading the documentation cache, object injection and resultant remote code execu…
4M ago
We are pleased to announce the release of Ruby 3.3.0. Ruby 3.3 adds a new parser named Prism, uses Lrama as a parser generator, adds a new pure-Ruby JIT compiler named RJIT, and includes many performance improvements, especially in YJIT.
Prism
Introduced the Prism parser as a default gem
Prism is a portable, error tolerant, and maintainable recursive descent parser for the Ruby language
Prism is production-ready and actively maintained; you can use it in place of Ripper
There is extensive documentation on how to use Prism
Prism is both a C library that will be used internally by CRuby and a Ruby gem t…
4M ago
We are pleased to announce the release of Ruby 3.3.0-rc1. Ruby 3.3 adds a new parser named Prism, uses Lrama as a parser generator, adds a new pure-Ruby JIT compiler named RJIT, and includes many performance improvements, especially in YJIT.
After the release of RC1, we will avoid introducing ABI incompatibilities wherever possible. If we need to, we will announce it in the release notes.
Prism
Introduced the Prism parser as a default gem
Prism is a portable, error tolerant, and maintainable recursive descent parser for the Ruby language
Prism is production-ready and actively maintained; you can use it…
5M ago
We are pleased to announce the release of Ruby 3.3.0-preview3. Ruby 3.3 adds a new parser named Prism, uses Lrama as a parser generator, adds a new pure-Ruby JIT compiler named RJIT, and includes many performance improvements, especially in YJIT.
Prism
Introduced the Prism parser as a default gem
Prism is a portable, error tolerant, and maintainable recursive descent parser for the Ruby language
Prism is production-ready and actively maintained; you can use it in place of Ripper
There is extensive documentation on how to use Prism
Prism is both a C library that will be used internally by CRuby and a R…
7M ago
We are pleased to announce the release of Ruby 3.3.0-preview2. Ruby 3.3 adds a new pure-Ruby JIT compiler named RJIT, uses Lrama as a parser generator, and includes many performance improvements, especially in YJIT.
RJIT
Introduced a pure-Ruby JIT compiler RJIT and replaced MJIT.
RJIT supports only x86_64 architecture on Unix platforms.
Unlike MJIT, it doesn’t require a C compiler at runtime.
RJIT exists only for experimental purposes.
You should keep using YJIT in production.
If you are interested in developing JIT for Ruby, please check out k0kubun’s presentation on Day 3 of RubyKaigi.
Use Lrama…
10M ago
We have released uri gem versions 0.12.2 and 0.10.3, which contain a security fix for a ReDoS vulnerability. This vulnerability has been assigned the CVE identifier CVE-2023-36617.
Details
A ReDoS issue was discovered in the URI component through 0.12.1 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb.
NOTE: this issue exists because of an incomplete fix for CVE-2023-28755.
The uri gem version 0.12.1 and all versions prior to 0.12.1 are vulnerable to this…
1y ago
We are pleased to announce the release of Ruby 3.3.0-preview1. Ruby 3.3 adds a new pure-Ruby JIT compiler named RJIT, uses Lrama as a parser generator, and includes many performance improvements, especially in YJIT.
RJIT
Introduced a pure-Ruby JIT compiler RJIT and replaced MJIT.
RJIT supports only x86_64 architecture on Unix platforms.
Unlike MJIT, it doesn’t require a C compiler at runtime.
RJIT exists only for experimental purposes.
You should keep using YJIT in production.
If you are interested in developing JIT for Ruby, please check out k0kubun’s presentation on Day 3 of RubyKaigi.
Use Lrama…
1y ago
Ruby 2.7.8 has been released.
This release includes security fixes. Please check the topics below for details.
CVE-2023-28755: ReDoS vulnerability in URI
CVE-2023-28756: ReDoS vulnerability in Time
This release also includes some build problem fixes. See the GitHub releases for further details.
After this release, Ruby 2.7 reaches EOL. In other words, this is expected to be the last release of the Ruby 2.7 series. We will not release Ruby 2.7.9 even if a security vulnerability is found (but could release it if a severe regression is found). We recommend that all Ruby 2.7 users start migrating to Ruby…
1y ago
Ruby 3.0.6 has been released.
This release includes security fixes. Please check the topics below for details.
CVE-2023-28755: ReDoS vulnerability in URI
CVE-2023-28756: ReDoS vulnerability in Time
This release also includes some bug fixes. See the GitHub releases for further details.
After this release, we end the normal maintenance phase of Ruby 3.0, and Ruby 3.0 enters the security maintenance phase. This means that we will no longer backport any bug fixes to Ruby 3.0 except security fixes.
The term of the security maintenance phase is scheduled for a year. Ruby 3.0 reaches EOL and its of…