A new Ruby 1.9.1 release, Ruby 1.9.1-p376 is out.
Everyone using Ruby 1.9.1 should consider upgrading to p376 because it contains a fix for a heap overflow vulnerability:
There is a heap overflow vulnerability in String#ljust, String#center and String#rjust. This has allowed an attacker to run arbitrary code in some rare cases.
The bug is in rb_str_justify, more details about the bug are available. The vulnerability only exists on 1.9.1.
1.9.1-p376 also brings many bug fixes for other problems, details from the 1.9.1-p376 release notes:
* Irb extension commands had been broken. It was fixed.
* Ripper had not been able to parse some Ruby codes. It was fixed.
* Fixed build failures on AIX.
* Some bug fixes of Matrix.
* Can load gems which is installed in an user's home directory.
* Some method became returning a string with a correct encoding.
Meanwhile, work on Ruby 1.9.2 is progressing (Changelog for the Ruby 1.9 trunk (Caution: large file)). Ruby 1.9.2 was delayed earlier this year to make sure it actually complies with RubySpec tests.
How might we improve InfoQ for you
Thank you for being an InfoQ reader.
Each year, we seek feedback from our readers to help us improve InfoQ. Would you mind spending 2 minutes to share your feedback in our short survey? Your feedback will directly help us continually evolve how we support you.
Community comments
a good news for Ruby 1.9.1
by bb Ghost,
a good news for Ruby 1.9.1
by bb Ghost,
Your message is awaiting moderation. Thank you for participating in the discussion.
a good news for Ruby1.9.1!i will change it now!