We now have a series of patches to fix various bugs against 1.8.7, so I (Urabe Shyouhei) decided to release them. Here they are.
And excuse me for the absence of a detailed release note... Please read the ChangeLog instead.
Posted by Urabe Shyouhei on 25 Dec 2009
Ruby 1.9.1-p376 has just been released. This is a patch level release of Ruby 1.9.1 and includes the fix for CVE-2009-4124.
The previous release, Ruby 1.9.1-p243, has a security vulnerability that allows heap overflow. This vulnerability was found by Emmanouel Kellinis, KPMG London.
I recommend that all Ruby 1.9.1 users upgrade to p376. But the vulnerability does not affect the Ruby 1.8 series.
Posted by Yugui on 07 Dec 2009
There is a heap overflow vulnerability in String#ljust, String#center and String#rjust. This has allowed an attacker to run arbitrary code in some rare cases.
- All releases of Ruby 1.9.1.
This vulnerability does not affect the Ruby 1.8 series.
Posted by Yugui on 07 Dec 2009
MountainWest RubyConf 2010 will be held March 11 and 12, 2010, in Salt Lake City, UT, USA.
http://mtnwestrubyconf.org
Talk proposals are being accepted right this very minute!
Submit yours here.
But don’t delay! The submission deadline is midnight (MST) on December 31st, 2009.
Posted by james on 03 Dec 2009