Ruby 3.3.5 Released
Ruby | A programmer's Best Friend
1w ago
Ruby 3.3.5 has been released. This is a routine update that includes minor bug fixes. We recommend upgrading your Ruby version at your earliest convenience. For more details, please refer to the GitHub release notes. Release Schedule: As previously announced, we intend to release the latest stable Ruby version (currently Ruby 3.3) every 2 months following a .1 release. We expect to release Ruby 3.3.6 on November 5th and Ruby 3.3.7 on January 7th. If any significant changes arise that impact a large number of users, we may release a new version earlier than scheduled. Download: https://cache.ru ...
CVE-2024-43398: DoS vulnerability in REXML
Ruby | A programmer's Best Friend
2w ago
There is a DoS vulnerability in the REXML gem. This vulnerability has been assigned the CVE identifier CVE-2024-43398. We strongly recommend upgrading the REXML gem. Details: The issue occurs when parsing an XML document that has many deep elements that have the same local name attributes. Only the tree parser API is affected. If you’re using REXML::Document.new to parse an XML document, you may be affected. Please update the REXML gem to version 3.3.6 or later. Affected versions: REXML gem 3.3.5 or prior. Credits: Thanks to l33thaxor for discovering this issue. History: Originally published at 2024-08-22 03:00:00 (UTC). Posted by kou ...
CVE-2024-41123: DoS vulnerabilities in REXML
Ruby | A programmer's Best Friend
1M ago
There are some DoS vulnerabilities in the REXML gem. These vulnerabilities have been assigned the CVE identifier CVE-2024-41123. We strongly recommend upgrading the REXML gem. Details: When parsing an XML document that has many specific characters such as whitespace characters, >] and ]>, the REXML gem may take a long time. Please update the REXML gem to version 3.3.3 or later. Affected versions: REXML gem 3.3.2 or prior. Credits: Thanks to mprogrammer and scyoon for discovering these issues. History: Originally published at 2024-08-01 03:00:00 (UTC). Posted by kou on 1 Aug 2024 ...
CVE-2024-41946: DoS vulnerability in REXML
Ruby | A programmer's Best Friend
1M ago
There is a DoS vulnerability in the REXML gem. This vulnerability has been assigned the CVE identifier CVE-2024-41946. We strongly recommend upgrading the REXML gem. Details: When parsing an XML document that has many entity expansions with the SAX2 or pull parser API, the REXML gem may take a long time. Please update the REXML gem to version 3.3.3 or later. Affected versions: REXML gem 3.3.2 or prior. Credits: Thanks to NAITOH Jun for discovering and fixing this issue. History: Originally published at 2024-08-01 03:00:00 (UTC). Posted by kou on 1 Aug 2024 ...
Ruby 3.2.5 Released
Ruby | A programmer's Best Friend
1M ago
Ruby 3.2.5 has been released. This release includes many bug fixes. We also updated the version of the bundled gem rexml to include the following security fix: CVE-2024-39908: DoS in REXML. Please see the GitHub releases for further details. Download: https://cache.ruby-lang.org/pub/ruby/3.2/ruby-3.2.5.tar.gz SIZE: 20619047 SHA1: e5166c947a4d9057b1310710a2a963df12264ac9 SHA256: ef0610b498f60fb5cfd77b51adb3c10f4ca8ed9a17cb87c61e5bea314ac34a16 SHA512: d86c0151fabf21b418b007465e3f5b3fd0b2de0a9652057fd465b1f7e91b01d00f83a737e972ea994a5d9231e8cb27e64e576852390fe6c2ad502f0d099fe5f4 https://cache.ru ...
CVE-2024-39908 : DoS in REXML
Ruby | A programmer's Best Friend
2M ago
There is a DoS vulnerability in the REXML gem. This vulnerability has been assigned the CVE identifier CVE-2024-39908. We strongly recommend upgrading the REXML gem. Details: When parsing an XML document that has many specific characters such as <, 0 and %>, the REXML gem may take a long time. Please update the REXML gem to version 3.3.2 or later. Affected versions: REXML gem 3.3.1 or prior. Credits: Thanks to mprogrammer for discovering this issue. History: Originally published at 2024-07-16 03:00:00 (UTC). Posted by watson1978 on 16 Jul 2024 ...
Ruby 3.3.4 Released
Ruby | A programmer's Best Friend
2M ago
Ruby 3.3.4 has been released. This release fixes a regression in Ruby 3.3.3 in which dependencies were missing from the gemspec of some bundled gems: net-pop, net-ftp, net-imap, and prime [Bug #20581]. The fix allows Bundler to successfully install those gems on platforms like Heroku. If your bundle install runs correctly now, you may not have this issue. Other changes are mostly minor bug fixes. Please see the GitHub releases for further details. Release Schedule: Going forward, we intend to release the latest stable Ruby version (currently Ruby 3.3) every 2 months after a .1 release. For Ruby 3.3, 3 ...
Ruby 3.3.3 Released
Ruby | A programmer's Best Friend
3M ago
Ruby 3.3.3 has been released. This release includes: RubyGems 3.5.11; Bundler 2.5.11; REXML 3.2.8; strscan 3.0.9; --dump=prism_parsetree is replaced by --parser=prism --dump=parsetree; invalid encoding symbols raise SyntaxError instead of EncodingError; memory leak fix in Ripper parsing; bugfixes for YJIT, **{}, Ripper.tokenize, RubyVM::InstructionSequence#to_binary, --with-gmp, and some build environments. Please see the GitHub releases for further details. Download: https://cache.ruby-lang.org/pub/ruby/3.3/ruby-3.3.3.tar.gz SIZE: 22105219 SHA1: b71971b141ee2325d99046a02291940fcca9830c SHA256: 8 ...
Ruby 3.3.2 Released
Ruby | A programmer's Best Friend
3M ago
Ruby 3.3.2 has been released. This release includes many bug fixes. See the GitHub releases for further details. Download: https://cache.ruby-lang.org/pub/ruby/3.3/ruby-3.3.2.tar.gz SIZE: 22095824 SHA1: b49719ef383c581008c1fd3b68690f874f78557b SHA256: 3be1d100ebf2a0ce60c2cd8d22cd9db4d64b3e04a1943be2c4ff7b520f2bcb5b SHA512: a15ba8d6c2830fcd1f2b36f671acf9028c303ec78608fd268da0585db8e95ddd971666e8029bcfa2584da2184a6534e1f2f2da07fa7ca4494e8d842eed206f00 https://cache.ruby-lang.org/pub/ruby/3.3/ruby-3.3.2.tar.xz SIZE: 16349500 SHA1: 5c9f7d5cf55d9e45b24c613014cbe2b605de009d SHA256: b5e8a8ed4 ...
Datadog provides OSS community support for ruby-lang.org
Ruby | A programmer's Best Friend
3M ago
We are excited to announce that Ruby’s official website, ruby-lang.org, has adopted Datadog for monitoring through Datadog's OSS community support. This allows us to effectively monitor the performance and availability of the site in real time for Ruby users. The key benefits of using Datadog include the following. CDN Visibility: cache.ruby-lang.org, provided by Fastly, is the most important infrastructure of the Ruby ecosystem. Datadog enables monitoring of Content Delivery Network (CDN) performance. It tracks cache coverage and error rate, enhancing user experiences. Unified Data Visualization: We have various ...
