Topicfire Ruby on Rails News
http://topicfire.com/Ruby-on-Rails
2013-05-25T10:49:13+00:00

2013-05-21T15:01:39+00:00
http://on-ruby.blogspot.com/
Post-its and Interviews Part 1
http://on-ruby.blogspot.com/2013/05/post-its-and-interviews-part-1.html
I was in a meeting room I'd not visited before the other day and I saw a great idea on the wall. At a glance, I saw what another team had been doing. With a little more thought and discussion with a co-worker, I was able to build a more...

2013-05-14T18:33:57+00:00
http://www.ruby-lang.org/
Ruby 1.9.3-p429 is released
http://www.ruby-lang.org/en/news/2013/05/14/ruby-1-9-3-p429-is-released/
Ruby 1.9.3-p429 is now released.
We released p426 some hours earlier, but it had build problems on some platforms.
Please use p429 instead.
This release includes a security fix for the bundled DL / Fiddle.
Object taint bypassing in DL and Fiddle in Ruby (CVE-2013-2065)
Some small bug fixes are also included.
See...

2013-05-14T14:35:20+00:00
http://www.ruby-lang.org/
Object taint bypassing in DL and Fiddle in Ruby (CVE-2013-2065)
http://www.ruby-lang.org/en/news/2013/05/14/taint-bypass-dl-fiddle-cve-2013-2065/
There is a vulnerability in DL and Fiddle in Ruby where tainted strings can be
used by system calls regardless of the $SAFE level set in Ruby. This
vulnerability has been assigned the CVE identifier CVE-2013-2065.
Impact
Native functions exposed to Ruby with DL or Fiddle do not check the taint
values set on the...

2013-05-14T14:35:19+00:00
http://www.ruby-lang.org/
Ruby 2.0.0-p195 is released
http://www.ruby-lang.org/en/news/2013/05/14/ruby-2-0-0-p195-is-released/
Ruby 2.0.0-p195 is released. This is the first patchlevel release of 2.0.0.
This release includes a security fix for the Ruby DL/Fiddle extension.
Object taint bypassing in DL and Fiddle in Ruby (CVE-2013-2065)
There are also many bug fixes, some optimizations, and documentation fixes.
Downloads
ftp://ftp.ruby-lang.org/pub/ruby/2.0/ruby-2.0.0-p195.tar.bz2
SIZE:...

2013-05-14T14:35:18+00:00
http://www.ruby-lang.org/
Ruby 1.9.3-p426 is released
http://www.ruby-lang.org/en/news/2013/05/14/ruby-1-9-3-p426-is-released/
Ruby 1.9.3-p426 is now released.
This release includes a security fix for the bundled DL / Fiddle.
Object taint bypassing in DL and Fiddle in Ruby (CVE-2013-2065)
Some small bug fixes are also included.
See tickets and ChangeLog for details.
Download
You can download this release from:
ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.3-p426.tar.bz2
...