Category Archives: open source

XSS vulnerability on Simple Form

There is a XSS vulnerability on Simple Form’s error options. Versions affected: >= 2.0.0 Not affected: < 2.0.0 Fixed versions: 3.1.0, 3.0.3, 2.1.2 Impact When Simple Form renders an error message it marks the text as being HTML safe, even though it may contain HTML tags. In applications where the error message can be provided … »

Read more at the source

Thank you, Carlos Antonio!

Carlos Antônio, our first employee, is moving forward after 5 years at Plataformatec. In this blog post, we share a bit about our story, open source projects, and what Carlos is leaving as legacy to us.

Read more at the source

Tips for keeping your Open Source Software issues tracker tidy

Charlie Somerville recently tweeted he wished there was a good guide about maintaining open source software: I wish there was a good guide on maintaining OSS projects. I’m a maintainer of a reasonably popular project and I have NFI what I’m doing. — Charlie Somerville (@charliesome) April 26, 2014 In between consultancy jobs and building […]

Read more at the source

VSCircularDial – open source iOS component

VSCircularDial is an UIView enhancement which provides you a 360 degree scrollable dial. This component can be dropped into your project and used as it is or can be customized as per your need. It can be downloaded from github. … Continue reading →

Read more at the source

What can we do right now?

June 3, 2009

Last month I picked up a new kindle from Amazon and have been reading a handful of books. One book that I’ve been really impressed with is Chad Fowler’s new book, The Passionate Programmer.

I plan to post some more thoughts in upcoming articles, but wanted to share this gem.

“If you treat your projects like a race, you’ll get to the end a lot faster than if you treat them like a prison cell. Create movement. Be the one who pushes. Don’t get comfortable. Always be the one to ask, “But what can we do right now?”” - Chad Fowler, The Passionate Programmer

Sometimes we feel stuck, but that doesn’t stop us from stepping to the side and assessing the situation. There is always something useful that we could be doing right now.

[…]

Support plans for Ruby 2.0.0 and Ruby 2.1

February 24, 2016

We announce the future support plans for Ruby 2.0.0 and Ruby 2.1.

About Ruby 2.0.0

As it has been announced before, all support for Ruby 2.0.0 has ended today. Bug and security fixes from more recent Ruby versions will no longer be backported to 2.0.0, and no further patch release of 2.0.0 will be released.

We highly recommend that you upgrade to Ruby 2.3 or 2.2 as soon as possible.

Please contact us via the ruby-core ML if you’d like to continue maintaining the 2.0.0 branch as for some justifiable reason you can’t upgrade.

About Ruby 2.1

We are planning to release Ruby 2.1.9 by the end of March. After the release, we will end the normal maintenance phase of 2.1, and start the security maintenance phase of it. This means that after the release of 2.1.9 we will never backport any bug fixes to 2.1 except security fixes.

We recommend that you start planning to upgrade to Ruby 2.3 or 2.2.

By the way, we are also planning to release Ruby 2.1.10 just after releasing 2.1.9. This is not a bug fix release nor a security fix release. We have never experienced a two-digit version number of Ruby. Therefore, we consider it important to test such a release without any critical security fixes.

Ruby 2.1.10 will not include any changes from 2.1.9, except for its version number. You do not have to use it on production, but you should test it before the release of 2.1.11 which will probably include security fixes.

Posted by usa on 24 Feb 2016

[…]

The Ruby Rails Aggregator