This release includes security fixes for the bundled JSON and REXML libraries:
Denial of Service and Unsafe Object Creation Vulnerability in JSON (CVE-2013-0269)
Entity expansion vulnerability in REXML (XML bomb)
And some small bugfixes are also included.
You can download this release from:
<URL:ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.3-p392.tar.bz2> SIZE: 10024221 …
When reading text nodes from an XML document, the REXML parser can be coerced into allocating extremely large string objects, which can consume all of the memory on a machine, causing a denial of service.
Impacted code will look something like this:
document = REXML::Document.new some_xml_doc
document.root.text
…it better than me. Some other , REXML in this case should be unbundled. agreed
I was proposing unbundling DRb and not because their codebase sucks but simply because they aren't used by the vast majority of the community. treetop and shoes are very useful libraries also, but they don't belong in stdlib either.
I'm not proposing we do this in the next 1.9.2 patch, but for 2.0, sure. Now that rubygems is in core (thanks!), I think we should …
These two libraries are beautifully simple and provide an excellent example of the power of ruby. There's a terrific amount of fun you can have with these two libraries.
Net::, Net::POP, Net:: ,
I've never used any of these libraries and can't say anything good or bad about …
I agree. Even forgetting the technical aspects, freeing these libraries from the clutches of the standard library and having defined maintainers (on, say, GitHub) could encourage more developers to engage with them, fork them, provide patches, and so forth, as we see with other popular Ruby libraries.
The sticking …
…as the base for higher-level abstractions (e.g. httparty, rest-client).
So looking at Ruby's core RDoc, my suggested list for removal (where removal means move to a rubygem):
Any others I missed? Will 1.9.3 or 2.0 get a good spring cleaning, or will we have to live with these classes forever?
…Ruby comes packaged with ( RubyGems, RDoc, JSON, REXML, etc.). To do this, we just need to re-run YARD in our same Ruby source tree, but on the lib and ext directories instead. Fortunately, YARD already knows to look for lib and ext, so we don't actually need to pass any parameters, but let's pass a few so that we don't clobber our existing .yardoc and doc folders that we just created for the core docs. To specify a new .yardoc dir and HTML output folder, respectively, …
You can use any library. I used REXML as it's already there if you have Ruby installed, so you don't need to worry about any gem installs. You may also want to look at how REXML uses .
Submit your solution code, which includes a test file that answers the three questions.
How to Enter the Challenge
Read the Challenge Rules. By participating in this challenge, you agree to be bound by these Challenge Rules. It's free and registration …
…until you try to run REXML in the Ruby Standard Library. REXML has an Attributes class that inherits from Hash. The Attributes class then implements an each_attribute method. For good measure, it overrides each to use each_attribute. And each_attribute calls each_value. Waiter, I believe there's a StackError in my Attributes. The moral of the story: the two edges on this wonderful Ruby sword are sharp. It does take extra work to consider how methods on a particular class …
…nowadays, chances are that you're using underneath. Before that we only had REXML and , but Nokogiri delivered on performance. Another project was Mechanize. Because of that we now have great parsers for the main internet formats, especially if you consider that in the parser is actually the parser.
Also known as @ and also known for Ruby Mendicant. I used to use his …