Posts Tagged: ruby
-
A Guide to Upgrading Gems and Dependencies in Ruby
Learn how to manage Gemfile updates safely.
-
Achieving Zero-Downtime Database Migrations on Google Cloud Run
Learn how to perform safe, zero-downtime database migrations for Ruby on Rails applications running on serverless infrastructure.
-
Adding TailwindCSS to a Legacy Rails App: A Phased Migration Guide
A pragmatic guide for engineering leaders and senior developers on incrementally modernizing legacy Rails applications with TailwindCSS.
-
Auditing Your Rails Codebase for Malicious X-Forwarded-Host Headers
A practical guide to identifying, understanding, and mitigating Host header injection vulnerabilities in Ruby on Rails applications.
-
Automating Security Audits for Legacy Ruby on Rails Codebases
Learn how to automate security audit reports for legacy Rails applications using static analysis tools like Brakeman and Bundler-Audit in your CI/CD pipeline.
-
Understanding and Mitigating the Ruby HTTP/XMLRPC Server DoS (CVE-2006-1931)
An in-depth look at CVE-2006-1931, a classic denial-of-service vulnerability in older Ruby HTTP and XMLRPC servers, and how modern practices prevent similar issues.
-
CVE-2006-3694: Bypassing Safe Levels in Ruby 1.8
An analysis of CVE-2006-3694, a vulnerability in Ruby 1.8 that allowed attackers to bypass $SAFE level restrictions, and why modern security relies on OS-level isolation.
-
CVE-2006-5467: Ruby CGI Denial of Service
An analysis of CVE-2006-5467, a denial of service vulnerability in the cgi.rb library of Ruby 1.8 involving multipart MIME parsing.
-
CVE-2006-6303: Ruby CGI Denial of Service
An analysis of CVE-2006-6303, a denial of service vulnerability in Ruby's CGI library prior to version 1.8.5-p2.
-
Understanding and Fixing CVE-2007-3227: The ActiveRecord to_json XSS Vulnerability
A look back at CVE-2007-3227, examining how ActiveRecord's to_json method in early Rails versions could lead to XSS vulnerabilities.
-
Understanding CVE-2007-5162: Ruby Net::HTTPS Server Certificate CN Validation Flaw
An in-depth look at CVE-2007-5162, a vulnerability in Ruby's Net::HTTPS library that failed to validate server certificate Common Names, enabling man-in-the-middle attacks.
-
Understanding CVE-2007-5770: The Widespread SSL CN Validation Flaw in Ruby
An examination of CVE-2007-5770, where Ruby's core network libraries failed to validate SSL certificate Common Names, enabling MitM attacks.
-
CVE-2007-6077: Incomplete Fix for Rails Session Fixation
An examination of CVE-2007-6077, where a flawed patch in Rails 1.2.4 failed to fully address session fixation due to mutable state in constants.
-
Understanding CVE-2007-6183: Format String Vulnerability in Ruby-GNOME2
An analysis of CVE-2007-6183, a format string vulnerability in the GTK2 module of Ruby-GNOME2, and its implications for Ruby native extensions.
-
CVE-2007-6612: Mongrel Directory Traversal via Double-Encoded Sequences
An overview of CVE-2007-6612, a directory traversal vulnerability in the Mongrel web server for Ruby, including its impact and remediation.
-
CVE-2008-1145: Ruby WEBrick Directory Traversal Vulnerability
An analysis of CVE-2008-1145, a critical directory traversal vulnerability in Ruby's WEBrick server that allowed remote attackers to access arbitrary files.
-
CVE-2008-1447: Ruby DNS Spoofing Vulnerability
An examination of CVE-2008-1447, the infamous Kaminsky DNS spoofing vulnerability in Ruby's resolv.rb, and its impact on DNS security.
-
CVE-2008-1891: WEBrick Directory Traversal in Ruby
Explore CVE-2008-1891, a directory traversal and source code disclosure vulnerability in Ruby WEBrick that affected Windows environments.
-
CVE-2008-2662: Integer Overflows in Ruby's rb_str_buf_append
An analysis of CVE-2008-2662, an integer overflow vulnerability in Ruby's string concatenation.
-
CVE-2008-2663: Ruby Integer Overflows
An analysis of CVE-2008-2663, an integer overflow vulnerability in Ruby 1.8.x's rb_ary_store function that causes buffer overflows during array assignment.
-
Understanding CVE-2008-2664: Unsafe Use of alloca in Ruby's rb_str_format
An in-depth look at CVE-2008-2664, a high-severity vulnerability in Ruby involving unsafe use of alloca in rb_str_format.
-
CVE-2008-2725: Integer Overflows in Array Methods
An in-depth look at CVE-2008-2725, an integer overflow vulnerability in Ruby's Array implementation.
-
CVE-2008-2726: Ruby Integer Overflow in rb_ary_splice
An analysis of CVE-2008-2726, an integer overflow vulnerability in Ruby's Array methods like Array#slice= and Array#replace.
-
CVE-2008-3443: Ruby Regex Memory Allocation Denial of Service
A look into CVE-2008-3443, a denial of service vulnerability in early Ruby versions where the regular expression engine could crash due to memory allocation failures.
-
Understanding CVE-2008-3655: Multiple Insufficient $SAFE Level Restrictions in Ruby
An in-depth analysis of CVE-2008-3655, a vulnerability in early Ruby versions where incomplete $SAFE level checks allowed attackers to bypass sandbox restrictions.
-
Understanding CVE-2008-3790: Ruby REXML Denial of Service Vulnerability
An overview of CVE-2008-3790, a denial-of-service vulnerability in early Ruby versions where the REXML parser allowed unbounded XML entity expansion (the Billion Laughs attack).
-
CVE-2008-3905: Sequential Transaction IDs and DNS Spoofing in resolv.rb
An in-depth look at CVE-2008-3905, where predictable transaction IDs and source ports in Ruby's resolv.rb allowed DNS spoofing attacks.
-
CVE-2008-4310: WEBrick Denial of Service Vulnerability
An analysis of the regular expression denial of service (ReDoS) vulnerability in WEBrick, Ruby's standard HTTP server, and the importance of comprehensive security patches.
-
CVE-2008-7248: Bypassing CSRF Protection with text/plain in Ruby on Rails
An analysis of CVE-2008-7248, a vulnerability in Ruby on Rails ActionPack that allowed attackers to bypass Cross-Site Request Forgery (CSRF) protection using the text/plain content type.
-
Dual Booting Rails 7.2 and 8.0
Learn how to use dual booting to safely and incrementally upgrade your Ruby on Rails application from version 7.2 to 8.0 without halting feature development.
-
Using Feature Flags for Safe Ruby on Rails Version Upgrades
Learn how to use feature flags to safely manage Ruby on Rails version upgrades, minimize downtime, and mitigate risks during software modernization.
-
Fixing Catastrophic Backtracking in Custom Ruby Regexes
A guide to understanding and fixing catastrophic backtracking in Ruby's regular expressions to prevent performance issues and application crashes.
-
Form Handling in Modern Rails: Replacing Rails UJS with Inertia.js useForm
Learn how to replace legacy Rails UJS form submissions with Inertia.js useForm for modern form handling in Rails applications.
-
From 40 Minutes to 4: Parallelizing Your Rails Test Suite
Learn how we reduced a Rails test suite execution time from 40 minutes to 4 minutes by leveraging Minitest parallelization and resolving race conditions.
-
HIPAA Compliance Risks of Running End-of-Life (EOL) Rails Versions
Explore the security vulnerabilities and HIPAA compliance risks of running end-of-life Ruby on Rails in healthcare apps handling ePHI, and how to fix them.
-
How to Benchmark Cloud Provider Performance for Ruby on Rails Apps
A pragmatic guide to evaluating cloud infrastructure performance for large and complex Ruby on Rails applications.
-
How to Convince Your CTO to Budget for a Rails Version Upgrade
A pragmatic guide for engineering leaders on translating technical debt into business risk to secure budget for Rails upgrades.
-
Fix Broken CI Builds from Rails 7.1 Deprecation Warnings
How to fix broken CI builds caused by Rails 7.1 deprecation warnings.
-
How to Generate a Gemfile.next.lock for Faster Rails Upgrades
A step-by-step technical guide to generating and managing a Gemfile.next.lock file using the bootboot plugin for smoother Rails upgrades.
-
How to Handle Active Record SQLite3 Deprecation Warnings in Rails 8.0
A pragmatic guide to fixing SQLite3 configuration deprecations and NoMethodError crashes during a Rails 8.0 upgrade.
-
How to Handle Frozen String Literals When Upgrading Legacy Ruby Apps
A pragmatic guide to addressing FrozenError exceptions, managing memory optimization, and enforcing immutability in legacy Ruby code during an upgrade.
-
How to Type-Check Your Svelte Components Against Rails JSON APIs
A practical guide to bridging the type gap between a Ruby on Rails backend and a Svelte frontend using TypeScript.
-
How to Use Bundler-Audit to Catch Vulnerabilities During CI/CD
A guide to using Bundler-Audit to automatically detect and prevent security vulnerabilities in your Ruby on Rails application by integrating it into your CI/CD pipeline.
-
Identifying and Remediating Technical Debt Hotspots Before a Rails Upgrade
Learn how to stabilize your Ruby on Rails application before a major upgrade by identifying and remediating technical debt hotspots using tools like churn and skunk.
-
Identifying Typosquatting and Brandjacking Risks in Outdated Ruby Gems
Learn how to identify and mitigate typosquatting and brandjacking supply chain attacks in outdated Ruby and Rails applications.
-
Implementing Redis Caching to Alleviate Database Load in Legacy Rails Apps
A pragmatic guide to reducing database load and improving p95 response times in legacy Rails apps using Redis caching.
-
Insecure Direct Object References (IDOR) in Rails: Proper Authorization Checks
A guide to understanding and preventing Insecure Direct Object References (IDOR) in Ruby on Rails applications with proper authorization checks.
-
Migrating from Test::Unit to Minitest for Faster CI Pipelines
Learn how to optimize your Ruby on Rails test suite speed by migrating from Test::Unit to Minitest and leveraging modern parallelization to reduce CI bottlenecks.
-
Mitigating SOC2 Risks by Establishing a Routine Rails Maintenance Schedule (Bonsai Method)
Discover how the 'Bonsai Method' of routine Rails maintenance can help mitigate SOC2 risks and improve application security.
-
Monitoring Production Metrics Before and After a Major Ruby Version Bump
A practical guide to measuring the performance, memory usage, and stability impact of a Ruby upgrade in production.
-
Moving from Sprockets to a Modern Frontend in Ruby on Rails
A detailed guide for engineering leaders on migrating from the legacy Sprockets asset pipeline to modern frontend build systems like Esbuild, Vite, or Import Maps in Ruby on Rails.
-
Optimizing Active Record Memory Usage in Large Rails Background Jobs
A guide to optimizing Active Record memory usage in large Rails background jobs to prevent memory bloat and reduce cloud hosting costs.
-
Optimizing Frontend Assets with ESBuild and Rollup in Vite Rails
Learn how to optimize frontend asset compilation and delivery in Ruby on Rails applications using Vite with ESBuild and Rollup for improved performance.
-
PCI DSS Compliance: Why Your Rails 5.2 App Will Fail Its Next Audit
An in-depth look at why running End-of-Life (EOL) Ruby on Rails 5.2 guarantees a failed PCI DSS audit, how auditors detect vulnerabilities, and the path to remediation.
-
Reducing Largest Contentful Paint (LCP) Times in Server-Rendered Rails Views
Learn practical techniques to diagnose and fix poor Largest Contentful Paint (LCP) times in server-rendered Ruby on Rails applications.
-
Reducing P95 Response Times in Rails via Database Table Partitioning
Learn how to improve Rails scalability, reduce p95 response times, and resolve database bottlenecks with PostgreSQL table partitioning.
-
Replacing Devise with Rails 8.0 Built-In Authentication: A Step-by-Step Guide
Learn how to reduce technical debt and migrate your Ruby on Rails application from Devise to the built-in authentication system in Rails 8.0.
-
Ruby Memory Allocations: How Upgrading Reduces Cloud Infrastructure Costs
Discover how upgrading your Ruby version reduces memory allocations, leading to significant savings on cloud infrastructure costs.
-
Ruby Upgrade Guide
Step-by-step instructions on keeping your Ruby version up to date.
-
Securing Your Gemfile: How to Use Bundler Checksums to Prevent Supply Chain Attacks
A guide to using Bundler checksums to secure your Gemfile and prevent supply chain attacks in your Ruby on Rails application.
-
Setting Up Foreman and Procfile.dev for Rails and Vite
Learn how to manage multiple development processes in a modern Ruby on Rails application with Vite for frontend tooling using Foreman and a Procfile.dev.
-
Setting Up Log Aggregation with Datadog or New Relic After a Heroku Migration
A pragmatic engineering guide to replacing Heroku Logplex with Datadog or New Relic for Ruby on Rails applications.
-
Squashing PRs vs. Small Commits: Best Git Practices for Rails Upgrades
A guide to the trade-offs between squashing pull requests and preserving a granular history of small, atomic commits during a Ruby on Rails application upgrade.
-
Step-by-Step Guide to Safely Upgrading Ruby in a Dockerized Rails App
A pragmatic, battle-tested workflow for engineering teams to safely upgrade Ruby in Dockerized Rails applications.
-
The Faster vs. Safer Approach to Dual-Booting Legacy Rails Apps
A guide to the trade-offs between speed and safety when implementing a dual-booting strategy for a legacy Ruby on Rails application upgrade.
-
Transitioning a Monolithic Rails App to Docker and AWS ECS/Fargate
A comprehensive guide for engineering leaders on containerizing large and complex Ruby on Rails applications using Docker and AWS ECS/Fargate.
-
Tuning Your AWS Cloud Infrastructure After a Rails 7 Upgrade
A battle-tested workflow for optimizing AWS infrastructure, reducing cloud costs, and improving performance after upgrading to Rails 7.
-
Upgrading Ruby and Rails: Best Practices and Pitfalls
A comprehensive guide to upgrading Ruby and Rails applications, covering best practices, common pitfalls, and security considerations.
-
Upgrading Ruby Syntax: Moving from Hash Rockets to Modern Keyword Syntax
A pragmatic approach to modernizing Ruby codebases, replacing legacy hash rocket syntax with concise keyword syntax.
-
CWE-916: Using Potentially Dangerous Functions in Rails
A security overview of CWE-916, focusing on the use of potentially dangerous functions in Ruby on Rails applications and how to mitigate risks.