There is a DoS vulnerability in the REXML library used by Rails to parse incoming XML requests. A so-called "XML entity explosion" attack technique can be used for remotely bringing down (disabling) any application which parses user-provided XML. Most Rails applications will be vulnerable to this attack.
Posted by Shugo Maeda on 23 Aug 2008
Ruby 1.8.7-p72 and 1.8.6-p287 have been released. The last releases were incomplete, and the new releases include fixes of the previously announced vulnerability of dl.
The released source archives are available at:
Posted by Shugo Maeda on 11 Aug 2008
Multiple vulnerabilities have been discovered in Ruby. It's recommended that you upgrade to the latest versions.
Posted by Shugo Maeda on 08 Aug 2008
RubyConf 2008 will be held in Orlando, Florida, USA, from November 6 to November 8.
Proposals for presentations are now begin accepted. All proposals must be received by August 21.
Posted by james on 04 Aug 2008
Multiple vulnerabilities in Ruby may lead to a denial of service (DoS) condition or allow execution of arbitrary code.
Posted by Shugo Maeda on 20 Jun 2008