All Articles
122 articles on upgrading Ruby, Rails, and managing dependencies
Preparing for Ruby 4.0: Ten Gems Moving from Default Standard Library to Bundled
Ruby 4.0 moves ten gems from default gems (shipped with the interpreter and always requirable) to bundled gems (installed alongside Ruby, but which a Bundler-managed app must declare in its Gemfile). We cover the full list, the rationale, the impact on apps, and the Gemfile updates needed.
Fixing ActionController::RespondToMismatchError in Rails
Learn what causes ActionController::RespondToMismatchError in Rails, when it occurs, and discover practical strategies to resolve format handling issues in your controllers.
How to Fix the model: nil Error in form_with in Rails 8.0
Learn why Rails 8.0 throws an ArgumentError when passing model: nil to form_with, and explore three practical approaches to fix this issue during your upgrade.
ActiveSupport::Deprecation Guide for Rails Upgrades
Learn how to use ActiveSupport::Deprecation to manage breaking changes, guide users through API transitions, and make Rails upgrades safer.
Fixing ActiveRecord::ValueTooLong Errors in Rails
Understand why Rails raises ActiveRecord::ValueTooLong, how to diagnose the root cause, and how to fix it: resizing the column, adding length validations, truncating input, and handling the error gracefully on PostgreSQL, MySQL, and SQLite.
10 Strategies for Upgrading a Rails App with Under 50% Test Coverage
Discover ten battle-tested strategies to manage risk and successfully upgrade a Ruby on Rails application when test coverage is low.
Adding TailwindCSS to a Legacy Rails App: A Phased Migration Guide
A pragmatic guide for engineering leaders and senior developers on incrementally modernizing legacy Rails applications with TailwindCSS.
Auditing Your Rails Codebase for Malicious X-Forwarded-Host Headers
A practical guide to identifying, understanding, and mitigating Host header injection vulnerabilities in Ruby on Rails applications.
Automating Database Backups And Rollbacks During Cloud Platform Transitions
A guide to automating database backups and rollbacks for a smooth transition when migrating your Rails application across cloud platforms.
Automating Security Audits for Legacy Ruby on Rails Codebases
Learn how to automate security audit reports for legacy Rails applications using static analysis tools like Brakeman and Bundler-Audit in your CI/CD pipeline.
Bridging the Gap: Integrating Modern HMR into Old Rails Apps
Learn how to modernize your legacy Ruby on Rails application's frontend workflow by integrating Hot Module Replacement (HMR) using Vite Ruby to boost productivity.
Understanding and Mitigating the Ruby HTTP/XMLRPC Server DoS (CVE-2006-1931)
An in-depth look at CVE-2006-1931, a classic denial-of-service vulnerability in older Ruby HTTP and XMLRPC servers, and how modern practices prevent similar issues.
Understanding CVE-2006-4111: Ruby on Rails LOAD_PATH Remote Code Execution
An analysis of CVE-2006-4111, a high-severity vulnerability in early Ruby on Rails versions that allowed remote code execution via LOAD_PATH manipulation.
CVE-2006-4112: Ruby on Rails Dependency Resolution Vulnerability
An analysis of CVE-2006-4112, a high-severity vulnerability in early Ruby on Rails versions that allowed remote code execution or denial of service via implicit constant loading.
CVE-2006-5467: Ruby CGI Denial of Service
An analysis of CVE-2006-5467, a denial of service vulnerability in the cgi.rb library of Ruby 1.8 involving multipart MIME parsing.
CVE-2006-6303: Ruby CGI Denial of Service
An analysis of CVE-2006-6303, a denial of service vulnerability in Ruby's CGI library prior to version 1.8.5-p2.
Understanding and Fixing CVE-2007-3227: The ActiveRecord to_json XSS Vulnerability
A look back at CVE-2007-3227, examining how ActiveRecord's to_json method in early Rails versions could lead to XSS vulnerabilities.
Understanding CVE-2007-5162: Ruby Net::HTTPS Server Certificate CN Validation Flaw
An in-depth look at CVE-2007-5162, a vulnerability in Ruby's Net::HTTPS library that failed to validate server certificate Common Names, enabling man-in-the-middle attacks.
CVE-2007-5379: Ruby on Rails XML File Disclosure Vulnerability
An analysis of CVE-2007-5379, a moderate-severity vulnerability discovered in Ruby on Rails versions prior to 1.2.4, which allowed remote attackers to determine the existence of arbitrary files and read contents of XML files on the server.
Understanding CVE-2007-5380: Session Fixation via URL-Based Sessions in Early Rails
An in-depth look at CVE-2007-5380, a session fixation vulnerability in early Ruby on Rails versions caused by URL-based session identifiers.
Sponsored by Durable Programming
Need help maintaining or upgrading your Ruby on Rails application? Durable Programming specializes in keeping Rails apps secure, performant, and up-to-date.