Uh oh, it's upgrade time again. Monday, the official Ruby 1.9 maintainer (Yuki Sonoda, a.k.a. Yugui) announced a heap overflow vulnerability in Ruby 1.9.1 and, subsequently, the release of Ruby 1.9.1-p376 (patch level 376). As the current production level release of Ruby, this is a crucial upgrade - unless you're still using Ruby 1.8.x, which isn't affected at all.
As well as fixing the vulnerability, Ruby 1.9.1-p376 also includes over 100 bug fixes on the previous release, none of which are particularly interesting. You can check this release's change log to see if anything affects you.
If you want to download Ruby 1.9.1-p376 now, the following URLs will work direct:
- http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.1-p376.tar.bz2
- http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.1-p376.tar.gz
- http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.1-p376.zip
No comments:
Post a Comment