Ruby & You
Terence Lee
Lyon, France
Talk
Date: June 20, 2014
Published: February 14, 2015
On November 22, 2013, a devastating security exploit was publicized to the Ruby community: Heap Overflow in Floating Point Parsing (CVE-2013-4164). There were no fixes provided for Ruby 1.9.2.
At Heroku, we realized this impacted our ability to provide reliable runtime support. Not wanting to leave our customers high and dry, Heroku released Ruby 1.8.7 and 1.9.2 security patches on our runtimes and pushed to get them upstream.
This talk goes through the steps and mistakes I learned on how to interact with members of ruby-core, tells war stories from core, and explains how you can get contributions upstream and improve Ruby for everyone.
Ruby Lugdunum Conference 2014