ConFoo 2016 is looking for Ruby speakers

ConFoo is once more seeking passionate speakers for the upcoming conference.

The event is happening in Montreal, Canada, between February 24th and 26th, 2016. It is an exciting conference for web developers with speakers from all over the world. It unites many web programming languages under one roof, as well as other topics related to web development. The call for papers closes on September 20th.

For the last few years, ConFoo renewed 50% of its speakers. If you’re new to this conference, you should definitely submit.

If you would just like to attend, there is a discount until October 13th.

Posted by afilina on 31 Aug 2016


Ruby 2.2.5 Released

Ruby 2.2.5 has been released.

This release includes many bug fixes.
See the ChangeLog for details.

Download

  • https://cache.ruby-lang.org/pub/ruby/2.2/ruby-2.2.5.tar.bz2

    SIZE:   13350551 bytes
    
  • https://cache.ruby-lang.org/pub/ruby/2.2/ruby-2.2.5.tar.gz

    SIZE:   16654395 bytes
    
  • https://cache.ruby-lang.org/pub/ruby/2.2/ruby-2.2.5.tar.xz

    SIZE:   10457620 bytes
    
  • https://cache.ruby-lang.org/pub/ruby/2.2/ruby-2.2.5.zip

    SIZE:   18493821 bytes
    

Release Comment

Thanks to everyone who helped with this release.

With this release, the maintainer of Ruby 2.2 changed from nagachika-san to usa.
About two thirds of the changes included in this release were made by nagachika-san.
Thanks for his great contributions.

The maintenance of Ruby 2.2, including this release,
is based on the “Agreement for the Ruby stable version” of the
Ruby Association.

Posted by usa on 26 Apr 2016


Ruby 2.1.10 Released

Ruby 2.1.10 has been released.
This release is not intended for production use, but for compatibility tests with two-digit version numbers.
You don’t have to replace Ruby 2.1.9 by 2.1.10 in normal use.

As announced in the 2.1.9 release post, Ruby 2.1.10 does not include any changes from 2.1.9, except for its version number (and only one small related change in its test suite).
Please test your applications and/or libraries for compatibility with two-digit version numbers.

Download

  • https://cache.ruby-lang.org/pub/ruby/2.1/ruby-2.1.10.tar.bz2

    SIZE:   12015299 bytes
    
  • https://cache.ruby-lang.org/pub/ruby/2.1/ruby-2.1.10.tar.gz

    SIZE:   15165837 bytes
    
  • https://cache.ruby-lang.org/pub/ruby/2.1/ruby-2.1.10.tar.xz

    SIZE:   9362868 bytes
    
  • https://cache.ruby-lang.org/pub/ruby/2.1/ruby-2.1.10.zip

    SIZE:   16706304 bytes
    

Release Comment

Thanks to everyone who helped with this release.

Posted by usa on 1 Apr 2016


Ruby 2.1.9 Released

Ruby 2.1.9 has been released.

This release includes many bug fixes.
See ChangeLog for details.

As announced before, this is the last normal release of the Ruby 2.1 series.
After this release we will never backport any bug fixes to 2.1 except security fixes.
We recommend that you start planning to upgrade to Ruby 2.3 or 2.2.

By the way, we are planning to release Ruby 2.1.10 in a few days.
Ruby 2.1.10 will not include any changes from 2.1.9, except for its version number.
You do not have to use it on production, but you should test it because it has a two-digit version number.

Download

  • https://cache.ruby-lang.org/pub/ruby/2.1/ruby-2.1.9.tar.bz2

    SIZE:   12016421 bytes
    
  • https://cache.ruby-lang.org/pub/ruby/2.1/ruby-2.1.9.tar.gz

    SIZE:   15166126 bytes
    
  • https://cache.ruby-lang.org/pub/ruby/2.1/ruby-2.1.9.tar.xz

    SIZE:   9395648 bytes
    
  • https://cache.ruby-lang.org/pub/ruby/2.1/ruby-2.1.9.zip

    SIZE:   16696728 bytes
    

Release Comment

Thanks to everyone who helped with this release.

The maintenance of Ruby 2.1, including this release, is based on the “Agreement for the Ruby stable version” of the Ruby Association.

Posted by usa on 30 Mar 2016


Support plans for Ruby 2.0.0 and Ruby 2.1

We announce the future support plans for Ruby 2.0.0 and Ruby 2.1.

About Ruby 2.0.0

As it has been announced before, all support for Ruby 2.0.0 has ended today.
Bug and security fixes from more recent Ruby versions will no longer be
backported to 2.0.0, and no further patch release of 2.0.0 will be released.

We highly recommend that you upgrade to Ruby 2.3 or 2.2 as soon as possible.

Please contact us via the ruby-core ML if, for some justifiable reason, you
can’t upgrade and would like to continue maintaining the 2.0.0 branch.

About Ruby 2.1

We are planning to release Ruby 2.1.9 by the end of March.
After the release, we will end the normal maintenance phase of 2.1,
and start the security maintenance phase of it.
This means that after the release of 2.1.9 we will never backport
any bug fixes to 2.1 except security fixes.

We recommend that you start planning to upgrade to Ruby 2.3 or 2.2.

By the way, we are also planning to release Ruby 2.1.10 just after
releasing 2.1.9. This is not a bug fix release nor a security fix release.
We have never experienced a two-digit version number of Ruby.
Therefore, we consider it important to test such a release
without any critical security fixes.

Ruby 2.1.10 will not include any changes from 2.1.9,
except for its version number.
You do not have to use it on production, but you should test it before
the release of 2.1.11 which will probably include security fixes.

Posted by usa on 24 Feb 2016


Ruby 2.3.0 Released

We are pleased to announce the release of Ruby 2.3.0.

This is the first stable release of the Ruby 2.3 series.
It introduces many new features, for example:

  • A frozen string literal pragma is introduced. With Ruby 2.1, "str".freeze has been optimized to reduce object allocation. Ruby 2.3 introduces a new magic comment and command line option to freeze all string literals in the source files. Additionally, for debugging, you can find out where the object was created on a "can't modify frozen String" error by using the --debug=frozen-string-literal command line option.

  • A safe navigation operator (so-called lonely operator) &., which already exists in C#, Groovy, and Swift, is introduced to ease nil handling as obj&.foo. Array#dig and Hash#dig are also added. Note that this behaves like try! of Active Support, which specially handles only nil.

  • The did_you_mean gem is bundled. The did_you_mean gem shows the candidates on NameError and NoMethodError to ease debugging.

  • RubyVM::InstructionSequence#to_binary and .load_from_binary are introduced as experimental features. With these features, we can make an ISeq (bytecode) pre-compilation system.

Ruby 2.3 also includes many performance improvements, for example
reconsidering method entry data structure,
introducing new table data structure,
optimizing Proc#call,
machine code level tuning for object allocation and method calling code,
smarter instance variable data structure,
exception: false keyword argument support on Socket#*_nonblock methods,
and so on. Check the “Implementation improvements” section in the NEWS file.

For a complete list of new features and compatibility notes, please see
NEWS and ChangeLog.

With those changes, 2946 files changed, 104057 insertions(+), 59478 deletions(-) since Ruby 2.2.0!

Merry Christmas, Happy Holidays, and enjoy programming with Ruby 2.3!

Download

  • https://cache.ruby-lang.org/pub/ruby/2.3/ruby-2.3.0.tar.bz2

    SIZE:   14185617 bytes
    
  • https://cache.ruby-lang.org/pub/ruby/2.3/ruby-2.3.0.tar.gz

    SIZE:   17648682 bytes
    
  • https://cache.ruby-lang.org/pub/ruby/2.3/ruby-2.3.0.tar.xz

    SIZE:   11294412 bytes
    
  • https://cache.ruby-lang.org/pub/ruby/2.3/ruby-2.3.0.zip

    SIZE:   19840511 bytes
    

Posted by naruse on 25 Dec 2015


Ruby 2.1.8 Released

Ruby 2.1.8 has been released.

This release includes a security fix for the Fiddle and DL extensions.
Please view the topic below for more details.

Many bug fixes are also included.
See ChangeLog for details.

Download

  • https://cache.ruby-lang.org/pub/ruby/2.1/ruby-2.1.8.tar.bz2

    SIZE:   12014426 bytes
    
  • https://cache.ruby-lang.org/pub/ruby/2.1/ruby-2.1.8.tar.gz

    SIZE:   15154017 bytes
    
  • https://cache.ruby-lang.org/pub/ruby/2.1/ruby-2.1.8.tar.xz

    SIZE:   9382672 bytes
    
  • https://cache.ruby-lang.org/pub/ruby/2.1/ruby-2.1.8.zip

    SIZE:   16686848 bytes
    

Release Comment

Thanks to everyone who helped with this release.

The maintenance of Ruby 2.1, including this release, is based on the “Agreement for the Ruby stable version” of the Ruby Association.

Posted by usa on 16 Dec 2015


CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL

There is an unsafe tainted string usage vulnerability in Fiddle and DL.
This vulnerability has been assigned the CVE identifier
CVE-2015-7551.

Details

There is an unsafe tainted string vulnerability in Fiddle and DL.
This issue was originally reported and fixed with CVE-2009-5147 in DL,
but reappeared after DL was reimplemented using Fiddle and libffi.

As for DL, CVE-2009-5147 was fixed in Ruby 1.9.1
but not in other branches, so Rubies which bundle DL,
except Ruby 1.9.1, are still vulnerable.

Impacted code looks something like this:

handle = Fiddle::Handle.new(dangerous_user_input)

Or:

handle = Fiddle::Handle.new(some_library)
function_pointer = handle[dangerous_user_input]

All users running an affected release should either upgrade or use one of
the workarounds immediately.

Affected Versions

  • All patch releases of Ruby 1.9.2 and Ruby 1.9.3 (DL and Fiddle).
  • All patch releases of Ruby 2.0.0 prior to Ruby 2.0.0 patchlevel 648 (DL and Fiddle).
  • All versions of Ruby 2.1 prior to Ruby 2.1.8 (DL and Fiddle).
  • All versions of Ruby 2.2 prior to Ruby 2.2.4 (Fiddle).
  • Ruby 2.3.0 preview 1 and preview 2 (Fiddle).
  • Trunk prior to revision 53153 (Fiddle).

Workarounds

If you cannot upgrade, the following monkey patch can be applied as a
workaround for Fiddle:

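class Fiddle::Handle
  # Keep a reference to the original constructor before wrapping it.
  alias :old_initialize :initialize

  # Refuse to open a library whose name is tainted when $SAFE is above 0.
  def initialize file, *args
    raise SecurityError if file.tainted? && $SAFE > 0
    old_initialize file, *args
  end

  # Keep a reference to the original symbol lookup before wrapping it.
  alias :old_call :[]

  # Refuse to look up a tainted symbol name when $SAFE is above 0.
  def [] fun
    raise SecurityError if fun.tainted? && $SAFE > 0
    old_call fun
  end

  # Alias sym after the redefinition so that it goes through the same check.
  alias :sym :[]
end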

If you are using DL, use Fiddle instead.
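
The monkey patch above only raises when $SAFE is above 0, so at the default level of 0 the application itself must keep untrusted strings out of Fiddle::Handle.new and Handle#[]. One way to do that is to let input select from a fixed allowlist; this is an added example, not code from the advisory, and SafeFiddle, its allowlists and the sample entries are hypothetical.

```ruby
# Added example, not from the advisory. SafeFiddle, ALLOWED_LIBS and
# ALLOWED_SYMBOLS are hypothetical names; the entries are constructed samples.
module SafeFiddle
  # Logical key => library name fixed by the developer. Untrusted input can
  # only pick a key; it never becomes the string handed to Fiddle::Handle.new.
  ALLOWED_LIBS = { 'math' => 'libm.so.6' }.freeze

  # Per-library list of symbols the application is permitted to resolve.
  ALLOWED_SYMBOLS = { 'math' => %w[cos sin sqrt].freeze }.freeze

  # SecurityError matches what the advisory's workaround raises.
  class Rejected < SecurityError; end

  def self.resolve_library(key)
    ALLOWED_LIBS.fetch(key.to_s) do
      raise Rejected, "library not allowlisted: #{key.inspect}"
    end
  end

  def self.resolve_symbol(lib_key, name)
    allowed = ALLOWED_SYMBOLS.fetch(lib_key.to_s) do
      raise Rejected, "library not allowlisted: #{lib_key.inspect}"
    end
    name = name.to_s
    return name if allowed.include?(name)

    raise Rejected, "symbol not allowlisted: #{name.inspect}"
  end

  # Validates both names before any native lookup happens. `opener` defaults
  # to Fiddle::Handle.new and is injectable so the checks can be unit tested.
  def self.function_pointer(lib_key, symbol, opener: nil)
    path = resolve_library(lib_key)
    sym  = resolve_symbol(lib_key, symbol)
    if opener.nil?
      require 'fiddle'
      opener = Fiddle::Handle.method(:new)
    end
    opener.call(path)[sym]
  end
end
```

Rejected inherits from SecurityError, which is not a StandardError, so a bare rescue will not swallow a rejected lookup.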

Credits

Thanks to Christian Hofstaedtler <zeha@debian.org> for reporting this issue!

History

  • Originally published at 2015-12-16 12:00:00 UTC

Posted by usa on 16 Dec 2015
