What's New in Ruby: January 2013 edition

Every month, Kansas City Ruby (#kcruby) reviews a subset of Peter Cooper's fantastic Ruby Weekly selections, along with other items picked up around the web.

Upgrade your Rails apps.

There is a trivially exploitable remote code execution vulnerability in all versions of Rails. The vulnerability is related to the XmlMini XML parser used by the Rails ParamsParser, which prepares the "params" object for ActionController. By supplying YAML contents parsed via XML elements using "type=yaml", attackers can instantiate arbitrary objects in the Rails runtime, which can be exploited through core Rails and application-defined method calls. Several exploitable conditions have been confirmed, the worst of which result in RCE via shell commands in the underlying system.
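A defensive filter for the condition described above, as an added example that is not code from Rails or from the advisory: a Rack-style middleware that refuses XML request bodies containing an element marked type="yaml". The class name, the 400 response and the sample bodies are assumptions made for illustration.

```ruby
require "rexml/document"
require "stringio"

# Added example: Rack-style middleware (no Rack dependency needed) that
# rejects XML request bodies carrying an element with type="yaml".
class RejectYamlTypedXml
  XML_TYPES   = %w[application/xml text/xml].freeze
  RISKY_TYPES = %w[yaml].freeze # the type conversion named on this page

  def initialize(app)
    @app = app
  end

  def call(env)
    media_type = env["CONTENT_TYPE"].to_s.split(";").first.to_s.strip.downcase
    return @app.call(env) unless XML_TYPES.include?(media_type)

    body = env["rack.input"].read
    env["rack.input"] = StringIO.new(body) # hand an unread copy downstream
    verdict = self.class.inspect_body(body)
    return @app.call(env) if verdict == []

    reason = verdict == :unparseable ? "unparseable XML" : "typed element(s): #{verdict.join(', ')}"
    [400, { "Content-Type" => "text/plain" }, ["rejected: #{reason}\n"]]
  end

  # Returns the names of elements whose type attribute is risky, or
  # :unparseable so that the caller fails closed on anything it cannot read.
  # A real XML parser is used so that character references in the attribute
  # value (for example &#121;aml) are decoded before the comparison.
  def self.inspect_body(body)
    hits = []
    REXML::Document.new(body).each_recursive do |el|
      type = el.attributes["type"]
      hits << el.name if type && RISKY_TYPES.include?(type.strip.downcase)
    end
    hits
  rescue StandardError
    :unparseable
  end
end
```

A filter like this only buys time in front of an unpatched app; upgrading Rails remains the fix.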

31 articles about Rails 4

31 - Page and Action Caching Gem Extraction
30 - Generate Controller-Wide ETags
29 - Strong Parameters
28 - HTTP PATCH Verb
27 - Collection Form Helpers
26 - Observers Gem Extraction
25 - Rails.queue
24 - Renaming *_filter to *_action
23 - Asynchronous Action Mailer
22 - Not Equal support for Active Record queries
21 - Dalli replaces memcache-client
20 - Dynamic index.html
19 - ActiveModel::Model
18 - Register your own flash types
17 - ActiveRecord::SessionStore Gem Extraction
16 - New HTML5 Form Input Helpers
15 - Routing Concerns
14 - Rails 4 requires at least Ruby 1.9.3
13 - Sprockets Rails
12 - Russian Doll Caching & Cache Digests
11 - What's new in Active Record
10 - MiniTest
9 - Rails::Plugin reaches end of life
8 - ActiveResource Gem Extraction
7 - Rails 4 is thread safe by default
6 - Schema Cache Dump
5 - Turbolinks
4 - ActiveModel Absence Validator
3 - A love affair with PostgreSQL
2 - Live Streaming
1 - Rails 4 Upgrading Guide

Ruby 1.9.3-p362 is released

Following in the long tradition of Christmas Day MRI releases, this year we get Ruby 1.9.3-p362. It's focused on bug fixes but also promises "Windows 8 support (hopefully)."

DHH on the Parley list

This is long and rambling, but has some interesting thoughts.

RailsPanel is a Chrome extension for Rails development that will end your tailing of development.log. Have all information about your Rails app requests in the browser, in the Developer Tools panel. Provides insight into db/rendering/total times, parameter list, rendered views and more.

Benchmarking with Ruby

Compare different code to see what runs faster.

Easier debugging with capybara-screenshot

As the name suggests, when a capybara test fails, the gem will automatically take a screenshot of what the browser rendered.

Get your app ready for Rails 4

A look ahead at what you can do now to get your application ready.
