Tag Archives: ror

MIT 開發出靜態分析工具,找出 23 個 RoR 軟體未被發現的漏洞

MIT 弄出來的新玩意,靜態分析工具叫做 Space:「New MIT Scanner Finds Web App Flaws in a Minute」,MIT 官方的報導在「Patching up Web applications」這邊: In tests on 50 popular Web applications written using Ruby on Rails, the system found 23 previously undiagnosed security flaws, and it took no … Continue reading

Posted in Computer, Murmuring, Network, Programming, Security, Software, WWW | Tagged , , , , , , , , , , , | Leave a comment

Ruby 2.2.0:放假前的新版本

Ruby 2.2.0 在假期前釋出:「Ruby 2.2.0 Released」。 在「Notable Changes since 2.1」的部份有提到新的 GC algorithm (Incremental GC) 以及讓 Symbol 可以被 GC (Symbol GC),而且提到了 Rails 5.0 會受益於此: Recent developments mentioned on the Rails blog suggest that Rails 5.0 will take advantage of Incremental GC as … Continue reading

Posted in Computer, Murmuring, Programming, Software | Tagged , , , , , , | Leave a comment

GitHub 升級到 Rails 3 了...

GitHub 從 2.3.github 特製版升級到 Rails 3:「Upgrading GitHub to Rails 3 with Zero Downtime」,其中切換的原因之一是維護成本: This choice has bitten us in the form of gem incompatibility, having to manually backport security patches, missing out on core framework performance and feature improvements, and … Continue reading

Posted in Computer, Murmuring, Programming, Software | Tagged , , , , | Leave a comment

請僅快確認這次 RoR 所提供的安全性公告

下午遇到布丁大長輩的時候他還很開心說「我用 2.3 沒問題的啊~」XDDD 今天 Ruby on Rails 官方對 Active Record 發出安全性通報以及更新 (類別為 SQL Injection):「[ANN] Rails 3.2.10, 3.1.9, and 3.0.18 have been released!」。 請不要只看標題,這次的安全性問題包括所有版本,而非 3.x 而已。這次的安全性問題太過歡樂,所以除了在支援的版本以外 (3.1 與 3.2),這次的安全性問題還是提供了 2.3 與 3.0 的 patch 讓人下載,並提供當無法使用 patch 時的 workaround:「SQL Injection Vulnerability in … Continue reading

Posted in Computer, Database, Murmuring, Network, Programming, Security, Software, WWW | Tagged , , , , , , , | 1 Comment