Ruby 1.9.1-p376 is released

Ruby 1.9.1-p376 just has been released. This is a patch level release of Ruby 1.9.1 and includes the fix of CVE-2009-4124.

CVE-2009-4124

The previous release, Ruby 1.9.1-p243 has a security vulnerability that allows heap overflow. This vulnerability was found by Emmanouel Kellinis, KPMG London.

I recommend all Ruby 1.9.1 users to upgrade to p376. But the vulnerability does not affect Ruby 1.8 series.

Other fixes

In addition, 1.9.1-p376 includes > 100 bug fixes.

  • Irb extension commands had been broken. It was fixed.
  • Ripper had not been able to parse some Ruby codes. It was fixed.
  • Fixed build failures on AIX.
  • Some bug fixes of Matrix.
  • Can load gems which is installed in an user's home directory.
  • Some method became returning a string with a correct encoding.

See the ChangeLog for more detail.

Location