Ruby 1.8.3 Has Been Released
Ruby 1.8.3 has been released. Thank you for the developers and users.
Mirror: http://rubyforge.org/frs/download.php/6155/ruby-1.8.3.tar.gz ftp://ftp.ruby-lang.org/pub/ruby/ruby-1.8.3.tar.gz md5sum: 63d6c2bddd6af86664e338b31f3189a6
In ruby-dev mail list for Japanese guys are trying to write what’s new in 1.8.3, a press release for media and so on, but nobody works them yet.
Akira Yamada, a maintainer of ruby package in Debian, blogged that he would make the new package as soon as possible.
This includes a vulnerability fix.
The diagram in this Japanese document describes a bit detail of the vulnerability. It says that using plugins (which denote making instances in eval?) you could pass through Ruby security sandbox system.
Debian package ruby1.8 1.8.3-1 is out in unstable.
Matz talked about 1.8.4 release plan. 24 Dec will be the day. If an urgent release is required, (i) 1.8.4 might be out before the day or (ii) 184.108.40.206 might be released.