A new Ruby 1.9.1 release, Ruby 1.9.1-p376 is out.
Everyone using Ruby 1.9.1 should consider upgrading to p376 because it contains a fix for a heap overflow vulnerability:
There is a heap overflow vulnerability in String#ljust, String#center and String#rjust. This has allowed an attacker to run arbitrary code in some rare cases.
The bug is in rb_str_justify, more details about the bug are available. The vulnerability only exists on 1.9.1.
1.9.1-p376 also brings many bug fixes for other problems, details from the 1.9.1-p376 release notes:
* Irb extension commands had been broken. It was fixed.
* Ripper had not been able to parse some Ruby codes. It was fixed.
* Fixed build failures on AIX.
* Some bug fixes of Matrix.
* Can load gems which is installed in an user's home directory.
* Some method became returning a string with a correct encoding.
Meanwhile, work on Ruby 1.9.2 is progressing (Changelog for the Ruby 1.9 trunk (Caution: large file)). Ruby 1.9.2 was delayed earlier this year to make sure it actually complies with RubySpec tests.
/filters:no_upscale()/sponsorship/topic/bfe5192b-a45b-4f11-a690-3612a3462921/TeleportConnectLogoRSB-1665047515149.png)
/articles/creating-decentralized-apps/en/smallimage/LOGO-1676916574942.jpg){kind=logo}
/articles/secure-delivery-workflow/en/smallimage/logo-1675435091128.jpg){kind=logo}
/presentations/secure-microservices/en/smallimage/Stefania Chaplin-s-1674204811056.jpg)
/articles/pipeline-quality-gates/en/smallimage/importance-of-pipeline-quality-gates-and-how-to-implement-them-small-1671622799937.jpg)
/presentations/api-design-quality-security/en/smallimage/infoq-live-logo-s-1671624167850.jpg){kind=logo}
/presentations/analyze-vulnerabilities-scanner/en/smallimage/alex-smolen-s-1670589517338.jpg)
/presentations/slack-dnssec/en/smallimage/qcon-plus-s-1667821196539.jpeg)
/presentations/owasp-secure-api-cloud/en/smallimage/Stefania Chaplin-s-1667476193319.jpg)
/presentations/perspectives-trust-security-privacy/en/smallimage/qcon-plus-s-1665739474830.jpeg)
/presentations/log4shell-security/en/smallimage/Simon-maple-s-1665986617483.jpg)
/presentations/zero-trust-security/en/smallimage/qcon-plus-s-1664526022932.jpeg)
/presentations/refactoring-rust/en/smallimage/qcon-plus-s-1679694299933.jpeg)
/presentations/aws-apache-airflow/en/smallimage/qcon-plus-s-1679694143127.jpeg)
/articles/billions-messages-minute/en/smallimage/LOGO-1679471830613.jpg){kind=logo}
/articles/ci-cd-observability/en/smallimage/logo-1679470476672.jpg){kind=logo}
/articles/visual-thinking/en/smallimage/LOGO-1679339789328.jpg){kind=logo}
/articles/framework-architectural-decisions/en/smallimage/logo-1679060242842.jpg){kind=logo}
/articles/asp-dotnet-minimal-apis/en/smallimage/logo-1678972581766.jpg){kind=logo}
Community comments
a good news for Ruby 1.9.1
by bb Ghost,
a good news for Ruby 1.9.1
by bb Ghost,
Your message is awaiting moderation. Thank you for participating in the discussion.
a good news for Ruby1.9.1!i will change it now!