JRuby 9k should be stable and production ready but real world users hitting it for the first time generally uncovers new issues.
Because of this, we expect to fairly quickly have followup point releases. It is important to point out that when we do put out JRuby 9. Our new internals gives us lots of potential to keep pushing the bar higher on JRuby performance. We are hoping this is our last release candidate before JRuby 9. The severity of problems are getting small enough where we think the next release will be 9.
This release is approaching a level of compatibility and stability where we have moved into a release candidate stage. We will address concerns reported before going final, so now is the time to find any problems…. This security release only updated Rubygems to version 2. Rubygems 2. See ruby-lang. All users are recommended to upgrade. This release was pushed forward quicker than planned to address issues running Rails 4. This is our second preview release, and we are getting much closer to reaching our first.
We are releasing this update to get user feedback on Ruby 2. The new runtime gathers more information about Ruby code and performs more analysis and optimization than our old runtime. We will do our best to get startup time, memory use, and performance on par with 1. JRuby includes an in-development version of support for the Truffle language implementation framework and Graal VM from Oracle Labs.
The Truffle backend supports all Ruby language features, but so far only some of the core and standard libraries. It has no support for RubyGems or Rails, does not work on Windows, and is not ready to be tested with applications at this stage. We are releasing now to get user feedback on Ruby 2. The goal of this release was to give a quick turnaround for bug reporters of 1.
We wanted to get one more solid release out before the holidays…. All users are strongly recommended to upgrade. For more information, check out the excellent write up on www. For those wondering, JRuby 1. This will include not only this security fix but almost 2 months of bug fixes.
There is one other small change in this release to strip out extra unused files from jruby-complete. The community participation lately has been great.
Keep reporting issues and sending pull requests. This release is a quick followup release to JRuby 1. We apologize if these regressions have affected you and recommend all people upgrade to 1.
We would like to single out Daniel Marcotte with a special shout-out this release. Daniel recently has been digging into our block dispatch code especially in regards to Enumerable which is far from a trivial part of our codebase and we are loving it. This release was an insanely quick followup release to 1. We realized a few hours ago after releasing 1. This release was a quick followup release to 1.
Our main priority is working on our next major version of JRuby, but we want to maintain a partial focus on continuing to fix bugs for JRuby 1. A faster release cycle for JRuby 1.
Expect a new release about every 3 weeks…. This release is a special point release in that it is the last point release before we move JRuby 1. At this point we will put out more releases of 1. Users willing to bump up memory use PermGen, specifically can still enable invokedynamic via -Xcompile. We also encourage users to try their apps on early access builds of Java 8. Projects ranged from serialization of our new intermediate representation to improved Android support via the Ruboto project.
The JRuby GSoC wiki page has all the practical details, including dates, contact information, and possible ideas. Alert Please note the primary reason for putting out 1. Everyone should upgrade to 1.
Note: This was a condensed release due to wanting to put out security fixes. If the bugs you are waiting for have not been fixed we will be fixing them for 1. Note: These next two sections are write-ups by Aaron Patterson on the security issues.
You only need to be aware of workarounds if it is impossible for you to update JRuby to version 1. When reading text nodes from an XML document, the REXML parser can be coerced in to allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of service. When the text method is called, entities will be expanded.
An attacker can send a relatively small XML document that, when the entities are resolved, will consume extreme amounts of memory on the target system. Note that this attack is similar to, but different from the Billion Laughs attack. This is also related to CVE All users running an affected release should either upgrade or use one of the work arounds immediately.
This monkey patch will limit the size of the entity substitutions to 10k per node. REXML already defaults to only allow entity substitutions per document, so the maximum amount of text that can be generated by entity substitution will be around 98 megabytes. Since Ruby symbols are not garbage collected, this can result in a denial of service attack. The same technique can be used to create objects in a target system that act like internal objects. Looking up this constant will create a symbol.
In JSON version 1. Instantiating these objects will result in arbitrary symbol creation and in some cases can be used to bypass security measures.
For users that cannot upgrade, please use the attached patches. If you cannot use the attached patches, change your code from this:.
If you cannot change the usage of JSON. The feedback we have gotten along with patches has ended up being a subtantial release. We also addressed security vulnerability CVE and stopped using MurmurHash2 as our hashing algorithm now using same Hashing algorithm as Perl. All users are recommended to upgrade to JRuby 1. After a long journey 1. The JRuby 1. Users of highly-concurrent applications will see improvements in throughput and raw parallelism. And JRuby now defaults to 1. We know that there are still pieces of 1.
At this point, we plan on putting out point releases of 1. These point releases will be made to address any reported problems users run into; and also to fill out the few missing 1. You can enable invokedynamic use on Java 7, but it is disabled normally due to JVM issues. On Java 8 builds, it is enabled by default. This is the second and likely last release candidate of JRuby 1. And we have upped our compatibility level to match Ruby 1.
Barring any significantly serious issues, RC2 will become 1. Our plan after the release of 1. Please, please, please test your applications against 1. We want to make 1. This is the first and hopefully only release candidate of JRuby 1. Barring any significantly serious issues, RC1 will become 1.
The primary goal of the 1. Of course, as with any JRuby release, we will continue fixing any found incompatibilities and also improve performance. All users of 1. This release is a somewhat special release in that JRuby community members were primarily responsible for performing the backporting of fixes.
These fixes represented what current users of JRuby 1. Special thanks to merge-master David Kellum for putting so much effort into make JRuby 1. This is the second preview release of JRuby 1. We have opted for another preview cycle due to the amount of reports about improperly working transcoding support. We have greatly improved transcoding of IO and users should be much happier with 1.
It will be turned back on when Java 7 fixes those issues. This is the first preview release of JRuby 1. This release represents a tremendous amount of work by dozens of contributors, and there are improvements in every subsystem. We have opted for a preview cycle this time due to the significance of changes in this release and our desire to give users more time to test JRuby before releasing 1. We want to know issues users have with JRuby 1. Invokedynamic is still a new feature for the JVM, so we recommend running as recent a build of Java 7 as possible.
Invokedynamic support can be disabled with -Xcompile. This is a special release of JRuby which only updates our shipped copy of RubyGems to version 1. This version of RubyGems is the first version to verify that a RubyGems server certficate is valid.
All users are encouraged to upgrade to JRuby 1. Note: You may also use the normal RubyGems upgrade mechanisms, but this will overwrite the Maven support we ship as part of JRuby. We largely fulfilled our goal of having reasonable 1.
After releasing 1. We realized our charter of reasonable 1. So we decided to put out 1. As of JRuby 1. Plus, 1. Because master keeps getting further and further away from our 1. Follow up fixes for 1. Hash tables apply a math function hashing function to the key of a key-value pair. In practice, some number of keys will end up hashing into the same hash bucket known as a hashing collision.
Hi guys, If I put "config. I have not tried it but I imagine you could change it to respect the heroku environment variable as well by doing something like this:. I was curious what CanCan would be doing to the Rails logger. I didn't find any references to Rails. In any event, this does sound like an issue with how Heroku handles logging rather than with CanCan.
I'm going to close, but if there's disagreement let me know and we can re-open and discuss. Skip to content. This repository has been archived by the owner. Sign up using Email and Password. Post as a guest Name. Email Required, but never shown. The Overflow Blog. Podcast Making Agile work for data science. Stack Gives Back Featured on Meta. New post summary designs on greatest hits now, everywhere else eventually. From what I can tell, out of the box requirejs can't do the cachebusting aspect for you.
You might want to read this google groups thread. Asked 4 Months ago Answers: 2 Viewed 57 times.
0コメント