Guides Hackfest

I’m pleased to finally announce the Rails Guides Hackfests. And we got really exciting prizes too! There is a list of guides available at Lighthouse You can select one of those, update the ticket and start writing the guide straight away.

For each completed guide, the author will receive all of the following prizes :

You can find more details at http://hackfest.rubyonrails.org/guide

Special thanks to GitHub, Newrelic & Caboose documentation project for making the hackfest a lot more exciting!

Rails 2.0.4: Maintenance release

Thanks to Git it’s been a lot easier to maintain older branches of the code base, so we’ve taken the opportunity to backport a bunch of bug fixes to the 2.0 branch and here’s the release for that.

The only major issue is that we’ve fixed the REXML DoS vulnerability with a monkey patch that ships in the box. So if you’re on 2.0 and haven’t dealt with the issue already, you can upgrade to 2.0.4 and get it fixed.

You can install with: gem install rails --version 2.0.4

See all the changes

UPDATE: The actual 2.0.4 gem didn’t get published yesterday due to a bug in the release script. It’s been fixed and 2.0.4 is actually available on the main gem repository. Sorry about that!

Tell your Rails story

I’ve been receiving some very moving stories about how people came to be Rails programmers from incredibly diverse backgrounds over the years. I even talked to a taxi driver once who was taking me to the airport that was doing Rails. Or the guys who were looking to quit programming who started enjoying it again with Rails.

All these are powerful stories that I’d love if we could share with the world. So let’s try to do that! If you have a great story about how you came to Rails, then please send it to david at loudthinking dot com with the subject “My Rails story”. I’ll filter all those into a folder and we’ll find a way to publish them.

Juggernaut: Server-side push for Rails

Juggernaut is a combination of a small Ruby server, a Flash bridge, and a plugin that makes it easy to do server-side push systems in Rails. I played with this idea with Rich Killmer a few years ago and even made a small demo system to present at a conference, but never made it to the finish line of something releasable. So it’s fantastic to see that the guys behind Juggernaut did.

DoS Vulnerabilities in REXML

The ruby-security team have published an advisory about a DoS bug affecting REXML users. Almost all rails applications will be affected by this vulnerability and you’re strongly advised to take the mitigating steps recommended in the advisory. If you’re not sure whether your application could be affected, you should upgrade.

The announcement contains details describing the monkeypatch solution, but to summarise:

Versions 1.2.6 and earlier

  1. Copy the fix file into RAILS_ROOT/lib
  2. Require the file from environment.rb
    require ‘rexml-expansion-fix’

Versions 2.0.0 and later

Copy the fix file into RAILS_ROOT/config/initializers, it will be required automatically.

This fix is also available as a gem, to install it run:

gem install rexml-expansion-fix

Then add require ‘rexml-expansion-fix’ to your environment.rb file. The manual fix and the gem are identical, if you have applied one you do not need to apply the other.

Josh Peek officially joins the Rails core

Josh Peek has been a defacto Rails core committer for a while, but for some reason we’ve never actually made the appointment official. So here it goes: Josh Peek is the latest Rails core team member. Three cheers hurray!

Josh has been working on a Google Summer of Code project to bring thread safety to Rails and is just about ready to wrap it up. Rails 2.2 will be thread safe thanks to the work that Josh has put into it.

Of more importance, though, is the significant effort put into making things faster and cleaner as part of that push. The actual thread safety won’t really matter much to most people, but it’ll surely look nice on your enterprisey check list of Features Your Framework Must Have To Get Play Around Here.

In any case, please welcome Josh!