home.social

#rubysec — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #rubysec, aggregated by home.social.

  1. postmodern @[email protected] ·

    Just released bundler-audit 0.9.3, which officially adds support for Ruby 3.4, 3.5, 4.0, and Bundler 4.x.

    github.com/rubysec/bundler-aud
    github.com/rubysec/bundler-aud

    #ruby #bundler #rubysec #bundler_audit #bundleraudit

    #ruby #bundler #rubysec #bundler_audit #bundleraudit
  2. postmodern @[email protected] ·

    Just released bundler-audit 0.9.3, which officially adds support for Ruby 3.4, 3.5, 4.0, and Bundler 4.x.

    github.com/rubysec/bundler-aud
    github.com/rubysec/bundler-aud

    #ruby #bundler #rubysec #bundler_audit #bundleraudit

    #ruby #bundler #rubysec #bundler_audit #bundleraudit
  3. postmodern @[email protected] ·

    Just released bundler-audit 0.9.3, which officially adds support for Ruby 3.4, 3.5, 4.0, and Bundler 4.x.

    github.com/rubysec/bundler-aud
    github.com/rubysec/bundler-aud

    #ruby #bundler #rubysec #bundler_audit #bundleraudit

    #ruby #bundler #rubysec #bundler_audit #bundleraudit
  4. postmodern @[email protected] ·

    Just released bundler-audit 0.9.3, which officially adds support for Ruby 3.4, 3.5, 4.0, and Bundler 4.x.

    github.com/rubysec/bundler-aud
    github.com/rubysec/bundler-aud

    #ruby #bundler #rubysec #bundler_audit #bundleraudit

    #bundleraudit #bundler_audit #rubysec #bundler #ruby
  5. postmodern @[email protected] ·

    Just released bundler-audit 0.9.3, which officially adds support for Ruby 3.4, 3.5, 4.0, and Bundler 4.x.

    github.com/rubysec/bundler-aud
    github.com/rubysec/bundler-aud

    #ruby #bundler #rubysec #bundler_audit #bundleraudit

    #ruby #bundler #rubysec #bundler_audit #bundleraudit
  6. FastRuby.io @[email protected] ·

    💣 Is your #Ruby app vulnerable to known CVEs? Is it safe in production? Is it ready for a #SOC2 audit?

    If you don’t know, you need a security audit. Find out how many vulnerabilities are present in your code and dependencies. Let's talk!

    go.fastruby.io/wbw

    #RubySec #InfoSec #DevSecOps

    #ruby #soc2 #rubysec #infosec #devsecops
  7. FastRuby.io @[email protected] ·

    💣 Is your #Ruby app vulnerable to known CVEs? Is it safe in production? Is it ready for a #SOC2 audit?

    If you don’t know, you need a security audit. Find out how many vulnerabilities are present in your code and dependencies. Let's talk!

    go.fastruby.io/wbw

    #RubySec #InfoSec #DevSecOps

    #ruby #soc2 #rubysec #infosec #devsecops
  8. FastRuby.io @[email protected] ·

    💣 Is your #Ruby app vulnerable to known CVEs? Is it safe in production? Is it ready for a #SOC2 audit?

    If you don’t know, you need a security audit. Find out how many vulnerabilities are present in your code and dependencies. Let's talk!

    go.fastruby.io/wbw

    #RubySec #InfoSec #DevSecOps

    #ruby #soc2 #rubysec #infosec #devsecops
  9. FastRuby.io @[email protected] ·

    💣 Is your #Ruby app vulnerable to known CVEs? Is it safe in production? Is it ready for a #SOC2 audit?

    If you don’t know, you need a security audit. Find out how many vulnerabilities are present in your code and dependencies. Let's talk!

    go.fastruby.io/wbw

    #RubySec #InfoSec #DevSecOps

    #devsecops #infosec #rubysec #soc2 #ruby
  10. FastRuby.io @[email protected] ·

    💣 Is your #Ruby app vulnerable to known CVEs? Is it safe in production? Is it ready for a #SOC2 audit?

    If you don’t know, you need a security audit. Find out how many vulnerabilities are present in your code and dependencies. Let's talk!

    go.fastruby.io/wbw

    #RubySec #InfoSec #DevSecOps

    #ruby #soc2 #rubysec #infosec #devsecops
  11. postmodern @[email protected] ·

    PSA: supply chain attacks (aka forking popular gems, changing the name slightly, and adding malicious code) are starting to show up on rubygems.org more often. Be cautious when adding a new gem to your project. Check who the author is, check the GitHub repository, look at the commit history, etc.
    socket.dev/blog/malicious-ruby

    #ruby #security #rubysec

    #ruby #security #rubysec
  12. postmodern @[email protected] ·

    PSA: supply chain attacks (aka forking popular gems, changing the name slightly, and adding malicious code) are starting to show up on rubygems.org more often. Be cautious when adding a new gem to your project. Check who the author is, check the GitHub repository, look at the commit history, etc.
    socket.dev/blog/malicious-ruby

    #ruby #security #rubysec

    #ruby #security #rubysec
  13. postmodern @[email protected] ·

    PSA: supply chain attacks (aka forking popular gems, changing the name slightly, and adding malicious code) are starting to show up on rubygems.org more often. Be cautious when adding a new gem to your project. Check who the author is, check the GitHub repository, look at the commit history, etc.
    socket.dev/blog/malicious-ruby

    #ruby #security #rubysec

    #ruby #security #rubysec
  14. postmodern @[email protected] ·

    PSA: supply chain attacks (aka forking popular gems, changing the name slightly, and adding malicious code) are starting to show up on rubygems.org more often. Be cautious when adding a new gem to your project. Check who the author is, check the GitHub repository, look at the commit history, etc.
    socket.dev/blog/malicious-ruby

    #ruby #security #rubysec

    #rubysec #security #ruby
  15. postmodern @[email protected] ·

    PSA: supply chain attacks (aka forking popular gems, changing the name slightly, and adding malicious code) are starting to show up on rubygems.org more often. Be cautious when adding a new gem to your project. Check who the author is, check the GitHub repository, look at the commit history, etc.
    socket.dev/blog/malicious-ruby

    #ruby #security #rubysec

    #ruby #security #rubysec
  16. postmodern @[email protected] ·

    Liking the new "maintainer" role for rubygem maintainers.
    blog.rubygems.org/2024/11/07/m

    #rubygems #rubysec

    #rubygems #rubysec
  17. postmodern @[email protected] ·

    Liking the new "maintainer" role for rubygem maintainers.
    blog.rubygems.org/2024/11/07/m

    #rubygems #rubysec

    #rubygems #rubysec
  18. postmodern @[email protected] ·

    Liking the new "maintainer" role for rubygem maintainers.
    blog.rubygems.org/2024/11/07/m

    #rubygems #rubysec

    #rubygems #rubysec
  19. postmodern @[email protected] ·

    Liking the new "maintainer" role for rubygem maintainers.
    blog.rubygems.org/2024/11/07/m

    #rubygems #rubysec

    #rubysec #rubygems
  20. postmodern @[email protected] ·

    Liking the new "maintainer" role for rubygem maintainers.
    blog.rubygems.org/2024/11/07/m

    #rubygems #rubysec

    #rubygems #rubysec
  21. OmbuLabs.ai @[email protected] ·

    💣 Is your #Ruby app vulnerable? Is it a ticking time bomb or is it safe in production?

    If you don’t know, you need a security audit. Find out how many vulnerabilities are present in your code and dependencies. Let's talk!

    go.fastruby.io/wbw

    #RubySec #InfoSec #DevSecOps

    #ruby #rubysec #infosec #devsecops
  22. OmbuLabs.ai @[email protected] ·

    💣 Is your #Ruby app vulnerable? Is it a ticking time bomb or is it safe in production?

    If you don’t know, you need a security audit. Find out how many vulnerabilities are present in your code and dependencies. Let's talk!

    go.fastruby.io/wbw

    #RubySec #InfoSec #DevSecOps

    #ruby #rubysec #infosec #devsecops
  23. OmbuLabs.ai @[email protected] ·

    💣 Is your #Ruby app vulnerable? Is it a ticking time bomb or is it safe in production?

    If you don’t know, you need a security audit. Find out how many vulnerabilities are present in your code and dependencies. Let's talk!

    go.fastruby.io/wbw

    #RubySec #InfoSec #DevSecOps

    #devsecops #infosec #rubysec #ruby
  24. OmbuLabs.ai @[email protected] ·

    💣 Is your #Ruby app vulnerable? Is it a ticking time bomb or is it safe in production?

    If you don’t know, you need a security audit. Find out how many vulnerabilities are present in your code and dependencies. Let's talk!

    go.fastruby.io/wbw

    #RubySec #InfoSec #DevSecOps

    #ruby #rubysec #infosec #devsecops
  25. postmodern @[email protected] ·

    Heads Up Everyone. An unpatched CVE for Sinatra was just added to ruby-advisory-db. Currently all versions are affected. Impact is a possible Open Redirect.
    github.com/advisories/GHSA-hxx
    #ruby #sinatra #rubysec

    #ruby #sinatra #rubysec
  26. postmodern @[email protected] ·

    Heads Up Everyone. An unpatched CVE for Sinatra was just added to ruby-advisory-db. Currently all versions are affected. Impact is a possible Open Redirect.
    github.com/advisories/GHSA-hxx
    #ruby #sinatra #rubysec

    #ruby #sinatra #rubysec
  27. postmodern @[email protected] ·

    Heads Up Everyone. An unpatched CVE for Sinatra was just added to ruby-advisory-db. Currently all versions are affected. Impact is a possible Open Redirect.
    github.com/advisories/GHSA-hxx
    #ruby #sinatra #rubysec

    #ruby #sinatra #rubysec
  28. postmodern @[email protected] ·

    Heads Up Everyone. An unpatched CVE for Sinatra was just added to ruby-advisory-db. Currently all versions are affected. Impact is a possible Open Redirect.
    github.com/advisories/GHSA-hxx
    #ruby #sinatra #rubysec

    #rubysec #sinatra #ruby
  29. postmodern @[email protected] ·

    Heads Up Everyone. An unpatched CVE for Sinatra was just added to ruby-advisory-db. Currently all versions are affected. Impact is a possible Open Redirect.
    github.com/advisories/GHSA-hxx
    #ruby #sinatra #rubysec

    #ruby #sinatra #rubysec
  30. postmodern @[email protected] ·

    Heads Up Everyone: there's an not-yet-patched-and-released security vulnerability in WEBrick. This is going to be added to ruby-advisory-db shortly, so don't be surprised if webrick starts getting flagged; although I'm guessing it's probably only in your Gemfile.lock due to some other gem pulling it in.

    Update: webrick 1.8.2 has now been released.

    github.com/advisories/GHSA-6f6

    #ruby #rubysec #webrick

    #ruby #rubysec #webrick
  31. postmodern @[email protected] ·

    Heads Up Everyone: there's an not-yet-patched-and-released security vulnerability in WEBrick. This is going to be added to ruby-advisory-db shortly, so don't be surprised if webrick starts getting flagged; although I'm guessing it's probably only in your Gemfile.lock due to some other gem pulling it in.

    Update: webrick 1.8.2 has now been released.

    github.com/advisories/GHSA-6f6

    #ruby #rubysec #webrick

    #ruby #rubysec #webrick
  32. postmodern @[email protected] ·

    Heads Up Everyone: there's an not-yet-patched-and-released security vulnerability in WEBrick. This is going to be added to ruby-advisory-db shortly, so don't be surprised if webrick starts getting flagged; although I'm guessing it's probably only in your Gemfile.lock due to some other gem pulling it in.

    Update: webrick 1.8.2 has now been released.

    github.com/advisories/GHSA-6f6

    #ruby #rubysec #webrick

    #ruby #rubysec #webrick
  33. postmodern @[email protected] ·

    Heads Up Everyone: there's an not-yet-patched-and-released security vulnerability in WEBrick. This is going to be added to ruby-advisory-db shortly, so don't be surprised if webrick starts getting flagged; although I'm guessing it's probably only in your Gemfile.lock due to some other gem pulling it in.

    Update: webrick 1.8.2 has now been released.

    github.com/advisories/GHSA-6f6

    #ruby #rubysec #webrick

    #webrick #rubysec #ruby
  34. postmodern @[email protected] ·

    Heads Up Everyone: there's an not-yet-patched-and-released security vulnerability in WEBrick. This is going to be added to ruby-advisory-db shortly, so don't be surprised if webrick starts getting flagged; although I'm guessing it's probably only in your Gemfile.lock due to some other gem pulling it in.

    Update: webrick 1.8.2 has now been released.

    github.com/advisories/GHSA-6f6

    #ruby #rubysec #webrick

    #ruby #rubysec #webrick
  35. postmodern @[email protected] ·

    Released bundler-audit 0.9.2 fixing a few minor issues.
    github.com/rubysec/bundler-aud
    github.com/rubysec/bundler-aud

    #ruby #bundler_audit #bundleraudit #rubysec

    #ruby #bundler_audit #bundleraudit #rubysec
  36. postmodern @[email protected] ·

    Released bundler-audit 0.9.2 fixing a few minor issues.
    github.com/rubysec/bundler-aud
    github.com/rubysec/bundler-aud

    #ruby #bundler_audit #bundleraudit #rubysec

    #ruby #bundler_audit #bundleraudit #rubysec
  37. postmodern @[email protected] ·

    Released bundler-audit 0.9.2 fixing a few minor issues.
    github.com/rubysec/bundler-aud
    github.com/rubysec/bundler-aud

    #ruby #bundler_audit #bundleraudit #rubysec

    #ruby #bundler_audit #bundleraudit #rubysec
  38. postmodern @[email protected] ·

    Released bundler-audit 0.9.2 fixing a few minor issues.
    github.com/rubysec/bundler-aud
    github.com/rubysec/bundler-aud

    #ruby #bundler_audit #bundleraudit #rubysec

    #rubysec #bundleraudit #bundler_audit #ruby
  39. postmodern @[email protected] ·

    Released bundler-audit 0.9.2 fixing a few minor issues.
    github.com/rubysec/bundler-aud
    github.com/rubysec/bundler-aud

    #ruby #bundler_audit #bundleraudit #rubysec

    #ruby #bundler_audit #bundleraudit #rubysec
  40. postmodern @[email protected] ·

    Thank you to @havenwood for updating the ruby-versions repo for CVE-2024-27282! ruby-install users, please upgrade your ruby versions!

    ruby-install --update
    ruby-install ruby-3.0.7
    ruby-install ruby-3.1.5
    ruby-install ruby-3.2.4
    ruby-install ruby-3.3.1

    ruby-lang.org/en/news/2024/04/
    #ruby #rubysec #cve #cve_2024_2782 #cve20242782

    #ruby #rubysec #cve #cve_2024_2782 #cve20242782
  41. postmodern @[email protected] ·

    Thank you to @havenwood for updating the ruby-versions repo for CVE-2024-27282! ruby-install users, please upgrade your ruby versions!

    ruby-install --update
    ruby-install ruby-3.0.7
    ruby-install ruby-3.1.5
    ruby-install ruby-3.2.4
    ruby-install ruby-3.3.1

    ruby-lang.org/en/news/2024/04/
    #ruby #rubysec #cve #cve_2024_2782 #cve20242782

    #ruby #rubysec #cve #cve_2024_2782 #cve20242782
  42. postmodern @[email protected] ·

    Thank you to @havenwood for updating the ruby-versions repo for CVE-2024-27282! ruby-install users, please upgrade your ruby versions!

    ruby-install --update
    ruby-install ruby-3.0.7
    ruby-install ruby-3.1.5
    ruby-install ruby-3.2.4
    ruby-install ruby-3.3.1

    ruby-lang.org/en/news/2024/04/
    #ruby #rubysec #cve #cve_2024_2782 #cve20242782

    #ruby #rubysec #cve #cve_2024_2782 #cve20242782
  43. postmodern @[email protected] ·

    Thank you to @havenwood for updating the ruby-versions repo for CVE-2024-27282! ruby-install users, please upgrade your ruby versions!

    ruby-install --update
    ruby-install ruby-3.0.7
    ruby-install ruby-3.1.5
    ruby-install ruby-3.2.4
    ruby-install ruby-3.3.1

    ruby-lang.org/en/news/2024/04/
    #ruby #rubysec #cve #cve_2024_2782 #cve20242782

    #cve20242782 #cve_2024_2782 #cve #rubysec #ruby
  44. postmodern @[email protected] ·

    Thank you to @havenwood for updating the ruby-versions repo for CVE-2024-27282! ruby-install users, please upgrade your ruby versions!

    ruby-install --update
    ruby-install ruby-3.0.7
    ruby-install ruby-3.1.5
    ruby-install ruby-3.2.4
    ruby-install ruby-3.3.1

    ruby-lang.org/en/news/2024/04/
    #ruby #rubysec #cve #cve_2024_2782 #cve20242782

    #ruby #rubysec #cve #cve_2024_2782 #cve20242782
  45. postmodern @[email protected] ·

    PyPI temporarily halted new user signups in response to a surge in malicious typosquating packages. I suspect attackers will turn their sights to NPM and rubygems.org next.
    arstechnica.com/security/2024/
    #rubygems #rubysec

    #rubygems #rubysec
  46. postmodern @[email protected] ·

    PyPI temporarily halted new user signups in response to a surge in malicious typosquating packages. I suspect attackers will turn their sights to NPM and rubygems.org next.
    arstechnica.com/security/2024/
    #rubygems #rubysec

    #rubygems #rubysec
  47. postmodern @[email protected] ·

    PyPI temporarily halted new user signups in response to a surge in malicious typosquating packages. I suspect attackers will turn their sights to NPM and rubygems.org next.
    arstechnica.com/security/2024/
    #rubygems #rubysec

    #rubygems #rubysec
  48. postmodern @[email protected] ·

    PyPI temporarily halted new user signups in response to a surge in malicious typosquating packages. I suspect attackers will turn their sights to NPM and rubygems.org next.
    arstechnica.com/security/2024/
    #rubygems #rubysec

    #rubysec #rubygems
  49. postmodern @[email protected] ·

    PyPI temporarily halted new user signups in response to a surge in malicious typosquating packages. I suspect attackers will turn their sights to NPM and rubygems.org next.
    arstechnica.com/security/2024/
    #rubygems #rubysec

    #rubygems #rubysec
  50. FastRuby.io @[email protected] ·

    💣 Is your #Ruby app vulnerable? Is it a ticking time bomb or is it safe in production?

    go.fastruby.io/wbw

    #RubySec #InfoSec #DevSecOps

    #ruby #rubysec #infosec #devsecops