Monday, December 28, 2009

How's your stable?

Ruby is a nice language, but its community makes me sick.

On December 7, 2009, CVE-2009-4124 was fixed by SVN revision 26038.  However, this fix was a bit buggy: #2463.  This issue was fixed in trunk by SVN revision 26052 on December 9, 2009.

Now the funny thing.  http://www.ruby-lang.org/en/downloads/ says "The current stable version is 1.9.1" and "Ruby 1.9.1-p376 (md5:  ebb20550a11e7f1a2fbd6fdec2a3e0a3) Stable Version (recommended)".

For those who still don't get it: neither 1.9.1-p376 nor the ruby_1_9_1 branch as a whole contains the fix for #2463.  I tried to add another issue, which was immediately closed as "duplicate of #2463".

19 days have passed so far and the current recommended stable version still contains a bug that nobody cares about.  By the way, this bug affects Rails.

Have a nice day.
