Ruby on Rails developer salary in Russia October 2017

Analysis of the Russian labor market for Ruby on Rails developers, based on the results of October 2017
10 October 2017

We publish a monthly analysis of the developer labor market in Russia. There were 766 vacancies for Ruby on Rails developers. The rates offered in these vacancies were distributed as follows.

Ruby on Rails developer salary estimate 

Most of the developers are required in Moscow, the fewest in some remote areas.

Number of Ruby on Rails developer vacancies in different cities

Ruby on Rails developers are most in demand in the following company sectors:

  • IT, System Integration, Internet
  • Media, Marketing, Advertising, PR, Design, Production
  • Financial Sector

Number of Ruby on Rails developer vacancies in different companies

By required experience, the vacancies are distributed as follows.

Ruby on Rails developer vacancies by the experience level

The average salary for a Ruby on Rails developer in Russia is about 1,872.

The analysis was carried out using the Hype.codes portal's method and hh.ru data.

Ruby and Rails to Get New Updates

Six vulnerabilities in the RubyGems package management system and three in the Rails framework are now fixed
14 March 2019

Corrective releases of the Ruby programming language, 2.6.2 and 2.5.4, are available. They fix six vulnerabilities in the RubyGems package management system:

  • CVE-2019-8324: code execution when installing an unverified package (an attacker can place code in the gemspec, and this code is executed through an eval call in ensure_loadable_spec at the verification stage before installation);
  • CVE-2019-8320: deletion of directories through manipulation of symbolic links when unpacking tar files;
  • CVE-2019-8321: escape sequence injection through the handler Gem::UserInteraction#verbose;
  • CVE-2019-8322: escape sequence injection through the "gem owner" command;
  • CVE-2019-8323: escape sequence injection in the API handler (Gem::GemcutterUtilities#with_response);
  • CVE-2019-8325: escape sequence injection through error handlers (Gem::CommandManager#run calls alert_error without escaping characters).
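
The four escape-sequence issues in the list above come down to untrusted text (gem metadata, API responses, error messages) reaching the terminal unescaped. The Ruby code below is an added example of neutralising such text before printing; it is not RubyGems code and not from the original article, and `clean_for_terminal`, `control_chars?`, `report_error` and the sample string are hypothetical names and constructed data.

```ruby
require "stringio"

# Constructed sample (not from a real gem): a "summary" field carrying ANSI
# sequences that clear the screen, home the cursor and print a fake status line.
SAMPLE_SUMMARY = "Handy helpers\e[2J\e[1;1HSuccessfully installed trusted-gem-1.0\r"

# C0 controls except TAB and LF, DEL, and the C1 range (U+009B acts as a
# one-character CSI on some terminals). CR is included: it can overwrite a line.
TERMINAL_CONTROL = /[\x00-\x08\x0B-\x1F\x7F\u0080-\u009F]/

# Normalise any input to valid UTF-8 so the regexp sees every character.
def to_utf8(text)
  text.to_s.dup.force_encoding(Encoding::UTF_8).scrub("?")
end

# Return a copy of the text that is safe to print: control characters become
# a visible \xNN form that the terminal will not interpret.
def clean_for_terminal(text)
  to_utf8(text).gsub(TERMINAL_CONTROL) { |c| format("\\x%02X", c.ord) }
end

# True when the text contains characters that could change terminal state;
# useful for logging or rejecting the input instead of only cleaning it.
def control_chars?(text)
  to_utf8(text).match?(TERMINAL_CONTROL)
end

# Error reporter that escapes the message at the output boundary, so callers
# cannot forget to do it.
def report_error(message, io = $stderr)
  io.puts "ERROR:  #{clean_for_terminal(message)}"
end

if __FILE__ == $PROGRAM_NAME
  report_error("cannot install: #{SAMPLE_SUMMARY}", $stdout)
end
```

Escaping at the single place where output is written, rather than in each caller, is what keeps a newly added command or handler from reintroducing the same bug.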

In addition, updates to the Rails framework were released, 4.2.11.1, 5.0.7.2, 5.1.6.2, 5.2.2 and 6.0.0.beta3, which fix three vulnerabilities:

  • CVE-2019-5420: potentially allows remote code execution on the server when Rails is running in Development Mode. With information about the attacked application, the automatically generated development-mode token can be predicted, and knowledge of it makes code execution possible;
  • CVE-2019-5418: a vulnerability in Action View that allows the contents of arbitrary files to be read from the server's file system by sending a specially crafted HTTP Accept header, if the code uses the "render file:" handler;
  • CVE-2019-5419: a DoS vulnerability in Action View that allows CPU load to be driven to 100% by manipulating the contents of the HTTP Accept header.