DoS vulnerability in BigDecimal

A Denial of Service (DoS) vulnerability was found in the BigDecimal standard Ruby library. An attacker could cause a segmentation fault and crash the Ruby interpreter. This is due to the BigDecimal method mishandling certain large values. Almost every Rails application is vulnerable to this because ActiveRecord relies on this method.

You are advised to update your Ruby installation. There is a temporary fix on GitHub. This fix breaks valid formats supported by BigDecimal, so you are advised to plan a migration to a new Ruby version.

With FiveRuns | Rails Fire

This is a bit overdue, but I’ve been remiss in posting the last month or so (has it been that obvious?)

I just wanted to mention, off the cuff, that I recently signed with FiveRuns, an enthusiastic supporter of the Rails community working in the systems management space, and based out of Austin, TX. I’m lucky enough to be joined at FiveRuns by the venerable Marcel Molina, Jr. of rails-core fame, and working with a talented, visionary group of developers (not to mention all the other smart folks making things tick at the office).

So, I’ve got my nose to the grindstone, as it were – deep in new code, fresh APIs, an unfamiliar domain, and some really exciting work – but I’ll try to catch up, I promise.