2012 Archives
Ruby 1.9.3-p362 is released
According to this time, as usual, Ruby 1.9.3-p362 is released.
Posted by usa on 25 Dec 2012
2013 Fukuoka Ruby Award Competition—Entries to be judged by Matz
Dear Ruby Enthusiasts,
Posted by James Edward Gray II on 10 Nov 2012
Hash-flooding DoS vulnerability for ruby 1.9 (CVE-2012-5371)
Hash-flooding DoS attack reported for the Hash function ruby 1.9 series were using. This vulnerability is different from CVE-2011-4815 for ruby 1.8.7. All ruby 1.9 users are recommended to upgrade to ruby-1.9.3 patchlevel 327 to get this security fix.
Posted by usa on 9 Nov 2012
RuPy 2012 coming very soon
RuPy 2012 – the 5th edition Ruby, Python and JavaScript conference for hackers across the two hemispheres. 16-18 November 2012 in Brno, 8-9 December in São José.
Posted by hosiawak on 22 Oct 2012
Unintentional file creation caused by inserting an illegal NUL character (CVE-2012-4522)
A vulnerability was found that file creation routines can create unintended files by strategically inserting NUL(s) in file paths. This vulnerability has been reported as CVE-2012-4522.
Posted by usa on 12 Oct 2012
$SAFE escaping vulnerability about Exception#to_s / NameError#to_s (CVE-2012-4464, CVE-2012-4466)
Vulnerabilities found for Exception#to_s, NameError#to_s, and name_err_mesg_to_s() which is Ruby interpreter-internal API. A malicious user code can bypass $SAFE check by utilizing one of those security holes.
Posted by usa on 12 Oct 2012
ConFoo 2013—Call for Papers is Now Open!
ConFoo is one of the most important developer-oriented conferences and
includes Ruby content. ConFoo 2013 will be held on February 25 through
March 1 in Montreal, Canada.
Posted by James Edward Gray II on 7 Sep 2012
Ruby 1.8.7-p370 released
As we posted earlier, we provide you a normal bugfix-only relrease of 1.8.7 now.
Posted by Urabe Shyouhei on 29 Jun 2012
A Facebook Group
There is a new way to communicate with your fellow Ruby developers. Introducing the new Facebook group for the Ruby Programming Language. This group will allow for developers to communicate with fellow Ruby programmers and provide a means for collaborative solutions to problems members may face. It will also serve as source for news about the Ruby project, and events–such as local workshops–related to it. I present this group with great excitement and encourage all Ruby developers to join and invite others. We can create a powerful community, and the people you meet and work with here could possibly be recruited for projects you will likely be working on in the future.
Posted by James Edward Gray II on 2 Jun 2012
Server maintenance
Services of ruby-lang.org including www, mailing lists, and Subversion will be down for a server maintenance from Wed Jun 06 15:00:00 UTC 2012 until Wed Jun 06 20:00:00 UTC 2012. Sorry for inconvenience.
Posted by Shugo Maeda on 30 May 2012
Matz Earns the FSF's 2011 Free Software Award
The Award for the Advancement of Free Software is given annually to an individual who has made a great contribution to the progress and development of free software, through activities that accord with the spirit of free software.
Posted by James Edward Gray II on 29 Mar 2012
Security Fix for Ruby OpenSSL module: Allow "0/n splitting" as a prevention for the TLS BEAST attack.
In OpenSSL, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS option for SSL
connection is used to prevent TLS-CBC-IV vulnerability described at
[1]. It's known issue of TLSv1/SSLv3 but it attracts lots of
attention these days as BEAST attack [2] (CVE-2011-3389). Ruby
related topics are at our issue tracker [3].
Posted by Urabe Shyouhei on 16 Feb 2012