A denial of service (DoS) vulnerability was found in the BigDecimal
standard library of Ruby. Conversion from BigDecimal objects into
Float numbers had a problem that enables attackers to effectively
cause segmentation faults.
ActiveRecord relies on this method, so most Rails applications are
affected by this, though it is not a Rails-specific issue.
Posted by Urabe Shyouhei on 09 Jun 2009
Recently we had a welcome, historic development: the maintenance
stewardship of Ruby 1.8.6 moved from me (Urabe Shyouhei) to
Kirk Haines of Engine Yard.
Posted by Urabe Shyouhei on 23 May 2009
Ruby 1.9.1-p129 has been released.
This is a patch level release for Ruby 1.9.1. It fixes many bugs and
two security vulnerabilities. Because this release contains security fixes, we
recommend that all 1.9.1 users upgrade their Ruby.
Posted by Administrator on 12 May 2009
Updates to already-released Ruby 1.8.7 and 1.8.6 have been released.
This time we have fixed dozens of bugs, including workarounds for CVE-2007-1558. Many segfaults are also fixed. For a complete list of what has been fixed, please read the ChangeLogs.
The released tarballs are available at:
Posted by Urabe Shyouhei on 18 Apr 2009
The schedule for the upcoming MountainWest RubyConf is available.
You can also keep track of the conference via Twitter. Just follow @mwrc.
MountainWest RubyConf is being held in Salt Lake City, UT, USA, March 13 and 14, 2009.
Posted by james on 25 Feb 2009