Ruby 1.9.1-p376 Released: Fixes A Heap Overflow Vulnerability And More
Uh oh, it's upgrade time again. Today, the official Ruby 1.9 maintainer (Yuki Sonoda, a.k.a. Yugui) announced a heap overflow vulnerability in Ruby 1.9.1 and, subsequently, the release of Ruby 1.9.1-p376 (patch level 376). As 1.9.1 is the current production-level release of Ruby, this is a crucial upgrade - unless you're still using Ruby 1.8.x, which isn't affected at all.
As well as fixing the vulnerability, Ruby 1.9.1-p376 also includes over 100 bug fixes over the previous release, none of which are particularly interesting. You can check this release's change log to see if anything affects you.
If you want to download Ruby 1.9.1-p376 now, the following URLs will work directly:
- http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.1-p376.tar.bz2
- http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.1-p376.tar.gz
- http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.1-p376.zip
Further, Danny Tatom has put together a PKGBUILD file for Ruby 1.9.1-p376 for Arch Linux users. As an aside, Arch Linux is worth a look if you haven't heard of it yet. It's basically a lightweight, heavily customizable, developer focused Linux distribution that's less annoying than Gentoo, and a little more BSD-like than the average Linux distro.
December 7, 2009 at 1:55 pm
The latest git head of rvm now defaults 1.9.1 to p376, it will be default in release 0.0.89.
~Wayne
December 7, 2009 at 1:56 pm
One more thing. Arch Linux is hardcore awesome, w00t! :)