  • Do you tune out Ruby deprecation warnings?

    Updated: 2024-03-26 15:11:04
    Piotr Jurewicz, March 26, 2024. Tags: ruby, rails. Looking into deprecation warnings is an essential habit to maintain an up-to-date tech stack. Thanks to the explicit configuration of ActiveSupport::Deprecation in the environment-specific configuration files, it's quite common to handle deprecation warnings coming from Rails. However, I rarely see projects configured properly to handle deprecation warnings coming from Ruby itself. As we always want to keep both Rails and Ruby up-to-date, it's crucial to handle both types of deprecation warnings.

  • CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc

    Updated: 2024-03-21 04:00:00
    Posted by hsbt on 21 Mar 2024. We have released the RDoc gem version 6.3.4.1, 6.4.1.1, 6.5.1.1 and 6.6.3.1 that have a security fix for a RCE vulnerability. This vulnerability has been assigned the CVE identifier CVE-2024-27281. Details: An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored. When loading the documentation cache, object injection and resultant remote code

  • CVE-2024-27280: Buffer overread vulnerability in StringIO

    Updated: 2024-03-21 04:00:00
    Posted by hsbt on 21 Mar 2024. We have released the StringIO gem version 3.0.1.1 and 3.0.1.2 that have a security fix for a buffer overread vulnerability. This vulnerability has been assigned the CVE identifier CVE-2024-27280. Details: An issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. This vulnerability does not affect StringIO 3.0.3 and later, and Ruby 3.2.x and later. Recommended action: We recommend to update

  • How to get burned by 16 years old hack in 2024

    Updated: 2024-03-15 10:37:05
    Paweł Pacana, March 15, 2024. Tags: ruby, gems. There's a project I'm consulting on where programmers develop predominantly in cloud environment. This setup simplifies a lot of moving parts and has the benefit of providing everyone homogenous containers to run code. If it runs on my box, it will run on everyone's box. In that case, that box is Linux-based. It has the drawback of having greater latency and being more resource-constrained than a beefy local machine a developer is equipped with, i.e. MacBook Pro running on Apple Silicon. Recently we've upgraded this development

  • How to add a loading animation to your turbo frame with TailwindCSS

    Updated: 2024-03-14 00:06:22
    Maciek Korsan, March 14, 2024. Tags: css, hotwire, rails. Ever been working on a project and hit a snag? That's what happened to me recently. I came across a turbo frame that was slow to load and didn't show any signs of loading. Talk about confusing! Waiting a few eternities for the historic transactions tab to load. The busy attribute of the turbo frame: The easiest way to add a loading state to the turbo frame is to insert the loader inside the frame tag. Problem is that it only works on the very
