What's new in Ruby: September 2012 edition

Every month, Kansas City Ruby (#kcruby) reviews a subset of Peter Cooper's fantastic Ruby Weekly selections, along with other items picked up around the web.

Rails 3.2.8 Released: important security fixes

This version contains three important security fixes; please upgrade immediately.
  • CVE-2012-3463 Ruby on Rails Potential XSS Vulnerability in select_tag prompt
  • CVE-2012-3464 Potential XSS Vulnerability in Ruby on Rails
  • CVE-2012-3465 XSS Vulnerability in strip_tags

One of the security fixes impacts all users and is related to the HTML escaping code. The other two fixes impact people using select_tag's prompt option and the strip_tags helper from ActionPack.

We are also removing all the deprecation warnings that we introduced in 3.2.x. We have decided to stop introducing API deprecations in all point releases going forward. From now on, it'll only happen in majors/minors.
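To act on the upgrade advice above, the following added example (not code from the original post or from the Rails project) scans a Gemfile.lock for Rails gems still locked to a 3.2.x release below 3.2.8. The function name, the list of gems checked and the sample lockfile are assumptions made for illustration.

```ruby
require "rubygems"

# Assumption: the gems checked here. The page names ActionPack helpers and the
# HTML escaping code; all Rails component gems share the release version.
RAILS_GEMS = %w[rails actionpack activesupport].freeze
FIXED = Gem::Version.new("3.2.8") # security release named on this page

# Constructed sample Gemfile.lock, not taken from a real application.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (3.2.7)
        activesupport (= 3.2.7)
      activesupport (3.2.7)
      rack (1.4.1)
      rails (3.2.7)
        actionpack (= 3.2.7)

  PLATFORMS
    ruby

  DEPENDENCIES
    rails (= 3.2.7)
LOCK

# Returns [[name, version], ...] for Rails gems locked to a 3.2.x release
# below 3.2.8. Other release series are outside what this page covers.
def outdated_rails_gems(lockfile_text)
  in_specs = false
  hits = []
  lockfile_text.each_line do |line|
    case line
    when /\A  specs:\s*\z/ then in_specs = true
    when /\A\S/ then in_specs = false # next top-level section
    when /\A {4}(\S+) \(([^)]+)\)\s*\z/ # resolved gem; its deps are indented deeper
      name, raw = $1, $2
      next unless in_specs && RAILS_GEMS.include?(name) && Gem::Version.correct?(raw)
      version = Gem::Version.new(raw)
      hits << [name, raw] if version.segments.first(2) == [3, 2] && version < FIXED
    end
  end
  hits
end

if __FILE__ == $PROGRAM_NAME
  path = ARGV.first
  text = path && File.file?(path) ? File.read(path) : SAMPLE_LOCK
  outdated_rails_gems(text).each { |name, v| puts "#{name} #{v}: upgrade to #{FIXED}" }
end
```

Pass the path to a Gemfile.lock as the first argument to check a real application; with no argument the script runs against the constructed sample.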

Use Thor to Build a Command Line Interface

For instance, this gist builds a basic command-line Ruby program with commands and options.

Bundler 1.2 Released

Specify the Ruby version and/or engine you want

ruby "1.9.3", :engine => "jruby", :engine_version => "1.6.7"

Package :git and :path Dependencies

bundle package --all
The bundle package command can also package :git and :path dependencies besides .gem files. This needs to be explicitly enabled via the --all option. Once used, the --all option will be remembered.

Local Git Repos

Now when developing against a remote git repository, you can use a local git repo and keep the remote version for deployment. You can do this by setting a local git override:
bundle config local.GEM_NAME /path/to/local/git/repository
Then you can use your local development copy with a standard Gemfile declaration:
gem 'rack', :github => 'rack/rack', :branch => 'master'

For a full list, check out the Bundler 1.2 release CHANGELOG
