Ruby 2.6.5, 2.5.7 and 2.4.8 to be Released

Updates to the 2.x versions of Ruby bring fixes for several dangerous bugs
02 October 2019

Corrective releases of the Ruby programming language, 2.6.5, 2.5.7 and 2.4.8, have been published, fixing four vulnerabilities. The most dangerous of them (CVE-2019-16255) is in the Shell standard library (lib/shell.rb) and allows code injection: if user-supplied data is passed as the first argument of the Shell#[] or Shell#test methods, which are used to check for the presence of a file, an attacker can achieve an arbitrary Ruby method call.

Other fixed issues:

  • CVE-2019-16254 - the embedded WEBrick HTTP server is susceptible to HTTP response splitting (if the program inserts unverified data into an HTTP response header, the header can be split by injecting a line feed character);
  • CVE-2019-15845 - inserting a null character (\0) into file paths checked with the methods "File.fnmatch" and "File.fnmatch?" can be used to produce false positive matches;
  • CVE-2019-16201 - denial of service in the Digest authentication module for WEBrick.

You can get more info about each version at the official website pages. (2.6.5, 2.5.7 and 2.4.8)
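For the Shell#[] / Shell#test bug the only remedy is the upgrade itself, but the other two input-handling bugs can also be caught at the application boundary. The following added example (my own code, not part of the Ruby announcement; helper names are assumptions) checks whether the running interpreter is at or past the corrective release for its 2.x line, and rejects CR/LF in header values and NUL bytes in fnmatch arguments before they reach WEBrick or File.fnmatch:

```ruby
# Added example, not code from the Ruby project: defensive checks around
# the bugs fixed in Ruby 2.6.5 / 2.5.7 / 2.4.8. Helper names are my own.
require "rubygems"

FIXED_VERSIONS = {
  "2.6" => Gem::Version.new("2.6.5"),
  "2.5" => Gem::Version.new("2.5.7"),
  "2.4" => Gem::Version.new("2.4.8"),
}.freeze

# True when +version+ is on one of the 2.x lines named in the announcement
# and is at or past that line's corrective release; false when it is older;
# nil when the line is not covered by this table (for example 2.7+).
def patched_ruby?(version = RUBY_VERSION)
  v = Gem::Version.new(version)
  line = v.segments[0, 2].join(".")
  fixed = FIXED_VERSIONS[line]
  return nil if fixed.nil?
  v >= fixed
end

# CVE-2019-16254: a CR or LF inside a header value lets the response be
# split. Refuse such values before they are placed in a WEBrick header.
def safe_header_value(value)
  raise ArgumentError, "CR/LF not allowed in header value" if value.match?(/[\r\n]/)
  value
end

# CVE-2019-15845: a NUL byte in the pattern or path could make File.fnmatch
# report a false match on unpatched rubies. Reject NUL bytes up front.
def safe_fnmatch?(pattern, path)
  [pattern, path].each do |s|
    raise ArgumentError, "NUL byte in fnmatch argument" if s.include?("\0")
  end
  File.fnmatch?(pattern, path)
end

if __FILE__ == $0
  puts "Ruby #{RUBY_VERSION} patched? #{patched_ruby?.inspect}"
  puts safe_fnmatch?("*.rb", "shell.rb")
end
```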

Ruby/RoR News Digest 8 - 14.02

Guide on Ruby concurrency, understanding Rails secrets/credentials, system tests in Rails with Minitest and other interesting things
14 February 2020

Greetings! I hope your week went great! Here's the new Ruby news digest.

Learn about automatic image moderation with Amazon Rekognition, the easy way of configuring Kubernetes for Ruby, how to migrate from a Rails API to Crystal and AWS Lambda, and check out more interesting stuff.

Guides

  • Opening The Ruby Concurrency Toolbox

This guide covers threads, fibers and guilds, with some practical comparisons

  • Automatic image moderation using Amazon Rekognition

Amazon Rekognition detects inappropriate content in images, and it can be used in Ruby with ActiveStorage

  • Understanding Rails secrets/credentials

A basic guide to storing secrets and credentials so they don't have to be kept in plaintext

  • Rubynetes: Kubernetes config the easy way

Learn how to use Ruby with Kubernetes without YAML

  • Getting Started With System Tests in Rails With Minitest

A beginner's tutorial on testing in Rails using a popular solution

  • My Experience Migrating a Rails API to Crystal and AWS Lambda – Part I

A story that can also serve as a tutorial for migrating a Rails API to Crystal and AWS Lambda

Articles

  • Rails introduces disallowed deprecations in ActiveSupport

A news post with a detailed code example of the new ActiveSupport feature

Updates

  • GitHub CLI is now in beta

The new GitHub command line tool is now available in beta

  • The Twitter Ruby Gem

A Ruby interface for the Twitter API

  • httplog

A gem that helps with network debugging: it logs outgoing HTTP requests made from Ruby