@zzak
Created December 13, 2013 17:43
layout: news_post
title: Security Maintenance Extension of Ruby 1.8.7 and 1.9.2
author: zzak
translator:
date: 2013-12-13 17:14:20 UTC
lang: en

Effective immediately, 1.8.7 and 1.9.2 will be supported for security patches until June 2014.

  • @hone02 and @_zzak will assume maintainership
  • After the 6-month maintenance period, we can add more committers to extend another 6 months.

This maintenance extension is made possible by Heroku; see their blog post A Patch in Time: Securing Ruby for more information.

Reporting issues

During this extended maintenance period we will only apply security patches to the source code repository for 1.8.7 and 1.9.2.

We take security very seriously. If you find a vulnerability, please report it to security@ruby-lang.org immediately. This mailing list is private, and reported problems will be published after a fix is released.

Please see ruby-lang.org/en/security for more information.

On Release Management

As I mentioned above, we will only be applying security patches and incrementing the patch level.

We will not be releasing a patched version of 1.8.7 or 1.9.2 to ruby-lang.org. However, you are free to repackage binaries from source.

The reason is that we don't want any new tickets, as an official release will result in continued responsibility of ruby-core to follow up on maintenance. Our team resources are already low, and we want to encourage upgrades, not support outdated versions.

Why resurrect 1.8.7?

You may remember an announcement approximately 6 months ago that sunset 1.8.7.

While ruby-core will no longer resume maintenance of 1.8.7 or 1.9.2, Terence and I will support these versions for security maintenance as part of a corporate sponsorship.

In the past we have supported vendors who wish to maintain legacy versions. In 2009 the maintenance of Ruby 1.8.6 was transferred to Engine Yard when they released 1.8.6-p369.

Words of encouragement

We would like to take this chance to strongly encourage you to upgrade to a supported version of Ruby as soon as possible. Many ruby-core members have put countless hours into improving the performance and features of Ruby in 2.0+ and we wish you would take advantage of it.

Thank you for your continued support and let's keep making Ruby better!