Ruby 2.6.5, 2.5.7 and 2.4.8 to be Released

Updates to the 2.x branches of Ruby fix several dangerous bugs
02 October 2019

Corrective releases 2.6.5, 2.5.7 and 2.4.8 of the Ruby programming language have been published, fixing four vulnerabilities. The most dangerous one (CVE-2019-16255) is in the Shell standard library (lib/shell.rb) and allows code injection: when data received from the user is processed as the first argument of the Shell#[] or Shell#test methods, which are used to check for the presence of a file, an attacker can achieve an arbitrary Ruby method call.

Other fixed issues:

  • CVE-2019-16254 - the embedded WEBrick HTTP server is susceptible to HTTP response splitting (if the program inserts unverified data into an HTTP response header, the header can be split by inserting a line feed character);
  • CVE-2019-15845 - injecting a null character (\0) into the file paths checked by the methods File.fnmatch and File.fnmatch? can produce false positive matches;
  • CVE-2019-16201 - denial of service in the Digest authentication module for WEBrick.

More information about each version is available on the official website pages (2.6.5, 2.5.7 and 2.4.8).
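As an added illustration of the defensive side of the last two issues (this is not code from the Ruby project or from the advisory; all function names are my own), the following guards reject the characters those bugs depend on before user data reaches a response header or a File.fnmatch? call:

```ruby
# Added example, not the Ruby project's code. All names below are my own.

# A header value must contain no CR or LF: either character ends the header
# line, so the remainder of the value would be read as further headers or as
# the body (the response-splitting class described for CVE-2019-16254).
def header_value_safe?(value)
  value.is_a?(String) && !value.match?(/[\r\n]/)
end

# Builds a Rack-style [status, headers] pair for a redirect to a user-supplied
# target, refusing any value that could break out of the Location line.
# A rejected target yields a 400 with no Location header at all.
def redirect_response(target)
  return [400, {}] unless header_value_safe?(target)
  [302, { 'Location' => target }]
end

# File.fnmatch? must never see a NUL byte: a NUL inside a checked path can
# make a pattern match a different string than the one the program actually
# handles later (the CVE-2019-15845 class). Raise rather than match.
def safe_fnmatch?(pattern, path, flags = 0)
  [pattern, path].each do |s|
    raise ArgumentError, "NUL byte in pattern or path" if s.include?("\0")
  end
  File.fnmatch?(pattern, path, flags)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs: one clean redirect target, one with a CRLF.
  p redirect_response("/account")
  p redirect_response("/account\r\nX-Injected: 1")
  p safe_fnmatch?("*.rb", "shell.rb")
end
```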

Ruby/RoR News Digest 5 - 11.10

Minitest style guide, why RSpec tests fail, algorithms behind RuboCop complexity metrics and much more in this week's Ruby/Rails news digest
11 October 2019

Greetings! I hope your week went great! Here's a new "gemmy" programming news digest.

In this digest you will be able to check the Minitest style guide, learn how to troubleshoot RSpec test failures and get familiar with the algorithms behind RuboCop complexity metrics. There are also two videos, one with tips and tricks and one on creating system tests in Rails.

Guides

  • The Minitest Style Guide

Style guide for the popular Ruby testing library

Articles

  • Ruby 2.7 deprecates automatic conversion from a hash to keyword arguments

Ruby 3.0, however, will have ‘real’ keyword arguments separated from the idea of hashes instead of Ruby's original legacy approach in this field; so the automatic conversion of a supplied hash into keyword arguments will produce a warning in Ruby 2.7.

  • Why RSpec Tests Fail (and How To Fix Them)

Examples of where RSpec tests could fail and thoughts on fixing such issues.

  • Algorithms behind RuboCop complexity metrics

Learn how RuboCop calculates its complexity metrics on code.

Updates

  • Spree

Fourth major version of the "complete open source ecommerce solution for Ruby on Rails"

  • will_paginate

Update of the pagination library that works with Ruby on Rails, Sinatra, Hanami::View, Merb, DataMapper and Sequel.

  • PunyLinux

Build automation for a minimal Linux system.

Video

  • Episode #210 - Rails Tips and Tricks

  • How to Write System Tests in Rails

Podcasts

  • 290: Ruby for Good with Polly Schandorf

Brittany Martin, host of the 5by5 Ruby on Rails podcast, talks with Polly Schandorf, an organizer of Ruby for Good, a hackathon-of-sorts about using Ruby to make the world “gooder”.