Ruby 2.6.5, 2.5.7 and 2.4.8 to be Released

Updates to the 2.x versions of Ruby bring fixes for several dangerous bugs
02 October 2019

Bug-fix releases of the Ruby programming language, versions 2.6.5, 2.5.7 and 2.4.8, have been published, fixing four vulnerabilities. The most dangerous one (CVE-2019-16255) is in the Shell standard library (lib/shell.rb) and allows code injection. If user-supplied data is passed as the first argument of the Shell#[] or Shell#test methods, which are used to check for the presence of a file, an attacker can achieve an arbitrary Ruby method call.
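To show the bug class rather than the library itself, the following added example (not Ruby's own lib/shell.rb) reduces the pattern to a constructed helper: an untrusted string dispatched with `send`, next to a hardened version that allowlists the file-test predicates and uses `public_send`. The helper names and the allowlist are assumptions for this illustration.

```ruby
require "tempfile"

# Constructed stand-in for the CVE-2019-16255 pattern, not the real Shell#test.
# Unsafe: send reaches private methods too, so every Kernel method an object
# inherits (system, eval, exec, ...) is one attacker-chosen string away.
def file_test_unsafe(user_cmd, path)
  FileTest.send(user_cmd, path)
end

# Reports whether a name would be reachable through the unsafe dispatch.
# Only checked, never invoked.
def reachable_via_send?(user_cmd)
  FileTest.respond_to?(user_cmd, true) # true = include private methods
end

# Hardened: dispatch only names on an explicit allowlist of FileTest predicates
# (assumed list), and use public_send so private Kernel methods stay out of
# reach even if the allowlist is later widened carelessly.
FILE_TESTS = %w[exist? file? directory? readable? writable?
                executable? size? zero? symlink?].freeze

def file_test_safe(user_cmd, path)
  cmd = user_cmd.to_s
  unless FILE_TESTS.include?(cmd)
    raise ArgumentError, "unsupported file test: #{cmd.inspect}"
  end
  FileTest.public_send(cmd, path)
end

# Convenience for the checks below: true when the hardened form refuses a name.
def rejects?(user_cmd, path = ".")
  file_test_safe(user_cmd, path)
  false
rescue ArgumentError
  true
end

if $PROGRAM_NAME == __FILE__
  Tempfile.create("probe") do |f|
    puts file_test_safe("file?", f.path)   # a legitimate file test still works
    puts reachable_via_send?("system")     # why the unsafe form is dangerous
    puts rejects?("system")                # the allowlist blocks it
  end
end
```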

Other fixed issues:

  • CVE-2019-16254 - HTTP response splitting in the bundled WEBrick HTTP server (if the program inserts unverified data into an HTTP response header, the header can be split by injecting a line-feed character);
  • CVE-2019-15845 - inserting a null character (\0) into file paths checked with the File.fnmatch and File.fnmatch? methods can cause false-positive matches;
  • CVE-2019-16201 - denial of service in the Digest authentication module of WEBrick.

You can get more info about each version at the official website pages. (2.6.5, 2.5.7 and 2.4.8)

Ruby/RoR News Digest 12 - 18.10

Linux file locking mechanisms in Ruby, delete_by and destroy_by in Rails, the Shrine 3.0 release and other updates of this week in Ruby
18 October 2019

Greetings! I hope your week went great! Here's a new "gemmy" programming news digest.

In this digest you will learn how to debug hidden memory leaks in Ruby and get familiar with hashes and the Array#intersection method in Ruby 2.7.

Guides

  • Debugging Hidden Memory Leaks in Ruby

A tutorial on tracking down a big memory leak in Rails 6 with heaptrack, mwrap, chap and iseq_collector.

  • Let's Hash This Out

A guide to using hashes, and why the author prefers Hash over HashWithIndifferentAccess.

  • Exploring Linux File Locking Mechanisms in Ruby

A guide to using Linux file locking mechanisms from Ruby.

Articles

  • Ruby 2.7 Introduces an Array#intersection method

Ruby 2.7 adds a new method called intersection, which this article explains.

  • Rails 6 adds delete_by and destroy_by methods

A detailed look at the methods, which delete or destroy all records matching the passed conditions.

Updates

  • Shrine 3.0

The third major release of the gem for managing file attachments, which supports resumable uploads and works with Rails and plain Rack apps, brings friendlier support for non-ActiveRecord frameworks.

  • Humanize

Makes your numbers look "fancy", or, in other words, turns them from 10 into "ten".

  • Piperator

Composable pipelines for enumerators, inspired by Elixir's pipe operator and Node.js streams.

  • Active Merchant

A regularly updated gem: a simple payment abstraction library for Shopify.

  • Xcodeproj

With its help, macOS/iOS developers can script away boring project management tasks and/or auto-generate projects.