A new Ruby 1.9.1 release, Ruby 1.9.1-p376 is out.
Everyone using Ruby 1.9.1 should consider upgrading to p376 because it contains a fix for a heap overflow vulnerability:
There is a heap overflow vulnerability in String#ljust, String#center and String#rjust. This has allowed an attacker to run arbitrary code in some rare cases.
The bug is in rb_str_justify, more details about the bug are available. The vulnerability only exists on 1.9.1.
1.9.1-p376 also brings many bug fixes for other problems, details from the 1.9.1-p376 release notes:
* Irb extension commands had been broken. It was fixed.
* Ripper had not been able to parse some Ruby codes. It was fixed.
* Fixed build failures on AIX.
* Some bug fixes of Matrix.
* Can load gems which is installed in an user's home directory.
* Some method became returning a string with a correct encoding.
Meanwhile, work on Ruby 1.9.2 is progressing (Changelog for the Ruby 1.9 trunk (Caution: large file)). Ruby 1.9.2 was delayed earlier this year to make sure it actually complies with RubySpec tests.
Community comments
a good news for Ruby 1.9.1
by bb Ghost /
a good news for Ruby 1.9.1
by bb Ghost /
Your message is awaiting moderation. Thank you for participating in the discussion.
a good news for Ruby1.9.1!i will change it now!