Success! The two duplicates have been removed.
Although, I'm still not convinced that this omniauth-saml advisory needs to exist, since it only references advisories for ruby-saml, which is a dependency. Thoughts?
github.com/github/advis...
@postmodern-mod3.bsky.social
Software Engineer, Open Source Developer/Maintainer. Ruby, Crystal, Bash. Sometimes I do security stuff. GitHub: https://github.com/postmodern Mastodon: https://ruby.social/@postmodern https://infosec.exchange/@postmodern
Could someone on @securitylab.github.com's GHSA team please look at these PRs to remove duplicate GHSA entries? It's been a week and I'm still waiting.
* github.com/github/advis...
* github.com/github/advis...
Also this one which was contested:
* github.com/github/advis...
#github #ghsa
When is ruby-3.5.0-preview2 scheduled to be released? Apparently the cgi library is going to be partially removed in 3.5.0-preview2, but is still present in 3.5.0-preview1.
bugs.ruby-lang.org/issues/21258
#ruby
Added Ruby 3.4.4 to the ruby-versions database. ruby-install users can now safely upgrade to Ruby 3.4.4.
$ ruby-install -U ruby-3.4.4
www.ruby-lang.org/en/news/2025...
github.com/postmodern/r...
#ruby #ruby_install #rubyinstall
Just added Ruby 3.5.0-preview1 to the ruby-versions database for ruby-install users. You can now safely install Ruby 3.5.0-preview1 and test it.
$ ruby-install -U ruby-3.5.0-preview1
www.ruby-lang.org/en/news/2025...
github.com/postmodern/r...
#ruby #rubyinstall #ruby_install
Added Ruby 3.3.8 to the ruby-versions database for ruby-install users.
$ ruby-install -U ruby-3.3.8
www.ruby-lang.org/en/news/2025...
#ruby #ruby_install #rubyinstall
Added Ruby 3.4.3 to the ruby-versions database for ruby-install users.
$ ruby-install -U ruby-3.4.3
www.ruby-lang.org/en/news/2025...
#ruby #ruby_install #rubyinstall
Where do you (or should you) put the code used for code generation within a library? Obviously cannot put it in `lib/`, because this code is only meant to be used internally to generate the code in `lib/`.
18.02.2025 03:08
Ronin 2.1.1 and other patch versions have been released!
ronin-rb.dev/blog/2025/02...
#ronin #roninrb #ruby #infosec #securitytools #opensource
hmm, I'll have to look into creating my own feed.
15.02.2025 02:17
Hashtags > Feeds. The concept of Feeds for a topic on #BlueSky is broken. There's no way to filter out off-topic posts from Feeds and I keep seeing random fan-art accounts show up in the largest CyberSec / InfoSec Feed. If only there was some kind of way to "tag" the posts with relevant keywords...
15.02.2025 02:04
Er Feeds.
15.02.2025 02:02
Added Ruby 3.4.2 to the ruby-versions database. It is now safe for ruby-install users to install Ruby 3.4.2.
$ ruby-install -U ruby 3.4.2
www.ruby-lang.org/en/news/2025...
github.com/postmodern/r...
#ruby #ruby_install #rubyinstall
Also a little peeved about how simply mapping a finite set of String values from the DB to a finite set of Symbols is so error prone in ActiveRecord. It should not be this difficult. ಠ_ಠ
12.02.2025 00:15
Lazy Rails: how do you define String based/backed Enums in ActiveRecord 7.x? Appears that by giving an explicit mapping of Hash{Symbol => String}, this causes an ArgumentError where it incorrectly tries to define the same `enum_value?` method twice.
github.com/ronin-rb/ron...
#activerecord
Is there a way to flag or request that an account be removed from a BlueSky Feed? Just noticed a Sonic the Hedgehog-themed shitpost account in the largest Cyber Security / InfoSec feed. Yay, how about no.
#bluesky
I am still looking for an ERD generating gem that can be used in a gem containing ActiveRecord models. Every single ERD generator assumes you're using it within a proper Rails app with a models/ directory, etc.
09.02.2025 06:23
Released ruby-install 0.10.1 with a minor fix for homebrew users who also want to compile ruby with jemalloc support.
github.com/postmodern/r...
github.com/postmodern/r...
#ruby #ruby_install #jemalloc #homebrew
Released ruby-install 0.10.0! This release contains many small improvements to usability and better support for building CRuby with jemalloc or YJIT enabled.
$ ruby-install ruby -- --with-jemalloc
$ ruby-install ruby -- --enable-yjit
github.com/postmodern/r...
#ruby #yjit #jemalloc
External being hosted on a different host or in a different environment, possibly by a different cloud provider. I.e. outside of the main app itself.
05.02.2025 18:29
I assume JWT for authentication? Or is there a Java web service framework also called JWT? :)
05.02.2025 10:34
I'm curious what other Rubyists/Railists are using for setting up external/backend API servers (aka micro-services or macro-services)? How are you managing authentication between the app and the external API?
#ruby #rails #microservices #macroservices
BlueSky Feature Request: the ability to save or follow searches. It should be easy to monitor certain keywords.
#bluesky #featurerequest
I was going to say dry-rb, but I've definitely found edge-case bugs in its libraries before (a few are still open). I'm *almost* to zero bugs with ronin-rb, but I'm sure there's probably a few more bugs still lurking in there.
github.com/issues?q=is%...
Metasploit's Exploit API is not the greatest. Check out ronin-exploits which is simpler and cleaner.
github.com/ronin-rb/ron...
How are people running their tests on GitHub Actions as *non-root* users? I have tests that specifically test when a given directory is writable and not writable. Running the tests as a privileged root user makes *everything* writable and thus breaks some tests.
#githubactions
Finally added Ruby 3.4 to Ronin's CI and am getting bitten by base64 and csv load issues, due to them no longer being "default gems" but now just "bundled gems". Ruby code can still require these files just fine, but Bundler is excluding them. Must we really add these gems to gem's gemspecs?
#ruby
Particularly, I'm looking for technical posts, not "Cyber Security" news about the latest data breach which are the equivalent of tabloid celebrity gossip but for InfoSec.
30.01.2025 20:39
Ah! That is exactly what I was looking for. Thank you.
30.01.2025 20:18
Padrino is a different web framework that was originally built on top of Sinatra. I just wish Sinatra had its own command to generate a simple app directory structure.
30.01.2025 10:12