Multiple Security Holes In Ruby 1.8, 1.9
ruphus13 notes a six-pack of serious vulnerabilities discovered in Ruby by a member of Apple's security team, Drew Yao. Patches are linked from the ruby-lang.org advisory. "With the following vulnerabilities, an attacker can cause a denial-of-service condition or execute arbitrary code... These vulnerabilities are likely to crop up in just about any average Ruby web application. And by 'crop up' I mean 'crop up exploitable from trivial user-specified parameters.' It's not hard to begin imagining cases where Ruby/Rails programmers use code similar to the samples above to routinely handle user input."
Re:The real story (Score:1, Informative)
The bugs found are fairly basic honestly.
If these were found in any MS product it wouldn't matter how fast they were patched.
Re:Goes to show ... (Score:3, Informative)
I'd interpret the same facts the other way around. A decade isn't very long for a programming language to mature. Ruby and PHP have both only been around for a decade, so they're not very mature. I do most of my coding in perl, but have done one significant project in ruby, and I can see some advantages and disadvantages of each. If you really like OOP, and/or you have a project that's naturally well suited to the OOP approach, then perl is an extremely awkward language, and ruby is much more natural. However, perl is 21 years old, and the perl 5 implementation is extremely mature. You simply don't run into the kind of implementation bugs in perl that you do in ruby. As a concrete example, my ruby project does a lot of string munging, and I had to choose between using ruby 1.9 in order to get a regex engine that was as full-featured as perl's, or using ruby 1.8. I chose 1.9, and after the project was complete and working well, I started running into cases where the interpreter's regex engine would crash the interpreter. You could say it's my own darn fault for choosing a beta version of the language, but with a more mature language I wouldn't have had to make a choice like that between features and stability. I've also had ruby code break because of changes in the design of the language, and that has never, ever happened to me with perl. (And before anyone starts up about how perl 6 will break everyone's code, no, it won't. Perl 6 will run perl 5 code in compatibility mode.)