October 22, 2009
Community Highlights
I’m always impressed by the continuous flow of innovation from the Rails community. Below are just a few of the highlights from the past month. These stories all came from...
October 12, 2009
What's New in Edge Rails
So, Edge Rails is still chugging right along. There are new and interesting fixes, changes, and refactors going on all of the time. So, let's take a look at just...
September 15, 2009
RubyEnRails 2009
RubyEnRails 2009 goes down this 30/31 October in Amsterdam. Talks are in English and Dutch. RubyEnRails has been all-volunteer for four years running, building on a history of sweet venues, good...
September 6, 2009
What's New in Edge Rails: The Security Edition
It’s been a bit over two weeks since the last WNiER (“winner”?) post and in the time since our last visit, Ruby on Rails 2.3.4 was released to fix some...
September 4, 2009
Ruby on Rails 2.3.4: Security Fixes
We’ve released Ruby on Rails 2.3.4. This release fixes bugs and introduces a few minor features. Due to the inclusion of two security fixes, all users of the 2.3 series...
September 4, 2009
Timing Weakness in Ruby on Rails
There is a weakness in the code Ruby on Rails uses to verify message digests in the cookie store. Because it uses a non-constant time algorithm to verify the signatures an attacker...
September 4, 2009
XSS Vulnerability in Ruby on Rails
There is a vulnerability in the escaping code for the form helpers in Ruby on Rails. Attackers who can inject deliberately malformed unicode strings into the form helpers can defeat the escaping...
September 2, 2009
A Month in Rails
Lots of great content coming out of the community in the past month. Below you’ll find some of the most useful tutorials and libraries I’ve found over the past few...
September 1, 2009
Gem Packaging: Best Practices
Understand Ruby’s Load Path: When you call load or require a new file, Ruby searches through the files in its load path. This allows you to require files relative to the...
August 31, 2009
Three reasons to love ActionController::Responder
A couple weeks ago, I wrote about the newly added ActionController::Responder which summarizes your application behavior for a specified format in just one place. For example, the default html behavior...