The Ruby Rails Aggregator

Home
Companies
Jobs
Feed Channels
Contact Us
About Us

- Category
- Tag
- Author
- Date
- Search for
cancel

Ruby 2.1.4 Released

- Ruby News
- October 27, 2014
- Uncategorized

Ruby 2.1.4 has been released.

This release includes security fixes for the following vulnerabilities:

CVE-2014-8080: Denial of Service XML Expansion
Changed default settings of ext/openssl related to CVE-2014-3566

And there are some bug-fixes….

Howdy Rip!

June 11, 2009

Chris Wanstrath (@defunkt) just posted the following on twitter.

“Hello Rip – http://hellorip.com/“

The Rip project describes itself as, “an attempt to create a next generation packaging system for Ruby.”

One of the cool features is that it supports multiple environments. For example, you can have different Rip environments (with different gem versioning) that are targeted towards specific applications. I have to dig around more through the project, but this looks fascinating.

Check it out at http://hellorip.com/

I’m also curious as to how you think you might be able to start using this.

What are some ways that you could use Rip—http://heybrainstormr.com/t/pgte

[…]

Security issue – symbol DoS vulnerability in ActiveRecord

August 29, 2013

There is a symbol DoS vulnerability in Active Record. When a hash is provided as the find value for a query, the keys of the hash may be converted to symbols. Have a look at this example: 1User.where(:name => { 'foo' => 'bar' }) When you write this small piece of code, the string ‘foo’ […] […]