All Articles
122 articles on upgrading Ruby, Rails, and managing dependencies
CVE-2008-7248: Bypassing CSRF Protection with text/plain in Ruby on Rails
An analysis of CVE-2008-7248, a vulnerability in Ruby on Rails ActionPack that allowed attackers to bypass Cross-Site Request Forgery (CSRF) protection using the text/plain content type.
CVE-2008-7310: Spree Hash Restriction Weakness
An analysis of CVE-2008-7310, a mass assignment vulnerability in early versions of the Spree e-commerce framework for Ruby on Rails that allowed attackers to bypass the payment process.
Logging Sensitive Information in Rails: What Not to Log (CWE-532)
A comprehensive guide to understanding and preventing CWE-532 in Ruby on Rails applications.
CWE-613 Session Management Flaws in Rails: Avoiding Hijacking and Fixation
Learn how to prevent common session management flaws in Ruby on Rails applications, including session hijacking and fixation (CWE-613), by following security best practices.
CWE-79, Cross-Site Scripting (XSS) in Rails: Protecting Your Views
A deep dive into Cross-Site Scripting (XSS) vulnerabilities in Ruby on Rails, focusing on how to protect your application's views from malicious user input.
Server-Side Request Forgery (SSRF) in Rails: Risks and Mitigation
A deep dive into Server-Side Request Forgery (SSRF) vulnerabilities in Ruby on Rails applications, exploring the risks and practical mitigation strategies.
Deploying Rails 8 with Kamal: Replicating the Heroku Git Push Experience
Learn how to deploy Rails 8 applications using Kamal, replicating the simplicity of Heroku's git push experience with a streamlined workflow.
Dual Booting Rails 7.2 and 8.0
Learn how to use dual booting to safely and incrementally upgrade your Ruby on Rails application from version 7.2 to 8.0 without halting feature development.
Using Feature Flags for Safe Ruby on Rails Version Upgrades
Learn how to use feature flags to safely manage Ruby on Rails version upgrades, minimize downtime, and mitigate risks during software modernization.
Fixing Catastrophic Backtracking in Custom Ruby Regexes
A guide to understanding and fixing catastrophic backtracking in Ruby's regular expressions to prevent performance issues and application crashes.
Fixing CVE-2006-2581: Resolving Cross-Site Scripting in Legacy RWiki Installations
Learn how to fix CVE-2006-2581, a Cross-Site Scripting vulnerability in RWiki versions 2.1.0pre1 through 2.1.0, through upgrading or implementing proper HTML sanitization.
Fixing CVE-2023-28362: Mitigating XSS via redirect_to in Action Pack
Learn how to mitigate CVE-2023-28362, a Cross-Site Scripting (XSS) vulnerability related to the redirect_to method in Ruby on Rails Action Pack.
Fixing Race Conditions in Minitest After Upgrading to Rails 8
Learn how to identify and resolve flaky tests and race conditions in Minitest caused by parallel testing after upgrading your Ruby on Rails application to version 8.
Form Handling in Modern Rails: Replacing Rails UJS with Inertia.js useForm
Learn how to replace legacy Rails UJS form submissions with Inertia.js useForm for modern form handling in Rails applications.
HIPAA Compliance Risks of Running End-of-Life (EOL) Rails Versions
Explore the security vulnerabilities and HIPAA compliance risks of running end-of-life Ruby on Rails in healthcare apps handling ePHI, and how to fix them.
How to Benchmark Cloud Provider Performance for Ruby on Rails Apps
A pragmatic guide to evaluating cloud infrastructure performance for large and complex Ruby on Rails applications.
How to Convince Your CTO to Budget for a Rails Version Upgrade
A pragmatic guide for engineering leaders on translating technical debt into business risk to secure budget for Rails upgrades.
How to Generate a Gemfile.next.lock for Faster Rails Upgrades
A step-by-step technical guide to generating and managing a Gemfile.next.lock file using the bootboot plugin for smoother Rails upgrades.
How to Handle Active Record SQLite3 Deprecation Warnings in Rails 8.0
A pragmatic guide to fixing SQLite3 configuration deprecations and NoMethodError crashes during a Rails 8.0 upgrade.
How to Handle Frozen String Literals When Upgrading Legacy Ruby Apps
A pragmatic guide to addressing FrozenError exceptions, managing memory optimization, and enforcing immutability in legacy Ruby code during an upgrade.