The Ruby Reflector

Object taint bypassing in DL and Fiddle in Ruby (CVE-2013-2065)

And some small bugfixes are also included.

See tickets and ChangeLog for details.

Download

You can download this release from:

ftp://ftp.ruby-lang.org/pub/ ruby/1.9/ruby-1.9.3-p429.tar.bz2 SIZE: 10042323 bytes MD5: c2b2de5ef15ea9b1aaa3152f9112af1b SHA256: 9d8949c24cf6fe810b65fb466076708b842a3b0bac7799f79b7b6a8791dc2a70

ftp://ftp.ruby-lang.org/pub/ ruby/1.9/ruby-1.9.3-p429.tar.gz …

• Topics: Ruby, Fiddle
• A Fresh Cup: Double Shot #1128

Version conflicts and dependency hells can be very time-consuming and annoying, too. Ruby-on-Rails programs for example need the right combination of Ruby Version (for example Ruby 1.8.7 or 1.9.2), the right Ruby-On-Rails Version (2.3.8 or 3.2), and the right RubyGems Version (say 1.3.5). The gems or plugins have their own versions, too. The whole system only works if everything fits together. In the beginning this is no problem, for a new system usually everything is up-to-date. …

• Topics: Ruby-on-Rails, Computer software, RubyGems, Linux kernel, Plugins
• The Life Of A Radar: Ubuntu, Ruby, RVM, Rails, and You
• Eddorre.com: Using Ruby Enterprise Edition and Passenger on OS X with RVM
• Ruby Inside: Let's Build a Simple Video Game with JRuby: A Tutorial
• Plataformatec Blog: Rails 3 with RVM FTW!
• RailsCasts: Episode 200: Rails 3 Beta and RVM
• Jason Seifer: Mac OS X Post Install Guide, May 2010

All ruby 1.9 versions prior to ruby 1.9.3 patchlevel 426

All ruby 2.0 versions prior to ruby 2.0.0 patchlevel 195

prior to trunk revision 40728

ruby 1.8 versions are not affected.

Credits

Thanks to Vit Ondruch for reporting this issue.

History

Originally published at 2013-05-14 13:00:00 (UTC)

• Topics: Fiddle, Ruby, Workarounds, Numbers, CVE
• Ruby News: Ruby 1.9.3-p429 is released

Q. In 2005, what did David Heinemeier Hansson create in 15 minutes, which helped kick start the popularity of Rails?

A. A blog

Q: What major feature was recently pulled from Rails 4.0?

A: The Queue API

Q. What version of Rails first included support for Rack?

A. Version 2.2 (We also accepted Version 2.3)

Q. What Ruby web framework joined forces with Rails 2 to create Rails 3?

A. Merb

Q. How many Ruby core classes were monkey-patched by Rails' …

• Topics: Ruby on Rails, New Relic, Railsconf, Ruby, SQL
• Heroku: Running Rails on Heroku Update
• Ruby Inside: This Week in Ruby: Matz on Ruby 2.0, Numerous Conference CFPs, Tenderlove on define_method
• A Fresh Cup: Double Shot #1048
• Giles Bowkett: Historical Context For Web Geek Information Marketing
• paperplanes: Form Objects with ActiveModel
• Opscode Blog: Chef 11 Released!

Back in January, newly-minted Ruby Hero Sandi Metz introduced her rules for developers in an episode of Ruby Rogues Book Club .

I encourage you to listen to the podcast or read over the transcript.

The day that the discussion of these rules started at thoughtbot, we were about to start a new project. While they may be targeted at less experienced developers, we thought that they could have interesting implications in the code we wrote. The team agreed to stick …

• Topics: Sandi Metz, Rule, User, Dashboard, Ruby on Rails
• the evolving ultrasaurus: diversity is a means not an end
• Ruby News: The Barcelona Ruby Conference Call for Papers is Open
• Practicing Ruby: Issue #23: SOLID Design Principles
• The Pug Automatic: Why mixed responsibilities resist refactoring
• DevChix: DevChix Speaking at Conferences 2012
• Ruby Inside: Ruby Rogues: A New Ruby Podcast with 5 Ruby Rascals

The Rackspace Cloud Application Programming Interface ( API) has changed the game allowing customers to easily modify their cloud configuration with just a few lines of code. The API is a powerful tool and something everyone should know about, regardless of your level of technical ability.

aiCache creates a better user experience by increasing the speed scale and stability of your web-site. Test aiCache acceleration for free. No sign-up required. http://aicache.com/deploy …

• Topics: Application Programming Interface, Aerospike, Relational Database Service, Products, User
• Merbist: Designing for scalability
• New Relic: Check out NetworkedHelpDesk.org, a new initiative for sharing business-critical data across your company
• MySQL Performance Blog: DotOrg Pavilion and MySQL Community Awards at Percona Live MySQL Conference and Expo 2013
• terrbear.org: Peeping Tom: A free (open source) site pinger
• carpeaqua by Justin Williams: My Ultimate Developer and Power Users Tool List for Mac OS X (2011 Edition)

Cinco and Co and I (center with glasses)

Mentors agree to commit at least two hours a week for 12 weeks working with the girls and their teacher/coaches to build their mobile application. Every Tuesday, I left work a little early to make my commitment to the girls. Part of what makes me love working at New Relic is the support (financial, time and energy energy) and encouragement with which everyone has backed these efforts.

For the last four months, I've gotten to know five very …

• Topics: New Relic, Relic, Chris Kelly, General Motors, Quest
• Rails Inside: How a Realtime SMS Questions Service Scaled To Super Bowl Traffic with Rails
• Global Nerdy: Future Visions

If you love something you should set it free or lose everything . Fred Wilson observes: This is a classic case of the innovator's dilemma. RIM felt that letting BBM out in the open would make it easier for Blackberry users to leave. So they kept it proprietary. For way too long. Now they no longer have a dominant smartphone franchise or a dominant mobile messenger franchise.

When Big Data ecosystems start merging it's not the end of the world, but building a different …

• Topics: Scalability, Titan, Netflix, RTT, Betaworks
• MySQL Performance Blog: Is Synchronous Replication right for your app?

This week we released the first release candidate version of Devise that is fully compatible with Rails 4, and we're bumping its version to 3.0. This version completely drops support for Rails 3.1 and Ruby 1.8.7, only keeping compatibility with both Rails 3.2 and Rails 4, running with Ruby 1.9.3 and 2.0.

This rc version took some time to get ready, we've been running a rails4 branch for some time already and one of the reasons was because of the changes required to make …

• Topics: Ruby on Rails, Ruby, Devise, API, Scope
• A Fresh Cup: Double Shot #1126
• Giles Bowkett: How I Understand Ember's MVC
• New Relic: Making the Move to Rails 3
• Hobo Blog: Hobo 2.0.0 released!
• Phusion Corporate Blog: Rails SQL injection vulnerability: hold your horses, here are the facts
• mir.aculo.us: Embedding Canvas and SVG charts in emails

We can work through prototyping ideas with Solidify , iterate quickly, test those ideas and teach our customers to prototype long after we've engaged with them on a project. When clients come back, we can re-engage at a higher level. Our clients now have access to the same specialized tools we use. Our product design suite continues to get better every day.

In the process of working through a project, customers will eventually need to hire employees to own our work that we've …

• Topics: ZURB, Expo, UX, Smith, Company
• Lee Munroe: How To Design A Sexy Button Using CSS
• New Relic: Community News: Secrets of High Traffic WordPress Blogs and More