Rubyland

news, opinion, tutorials, about ruby, aggregated
Sources About
danielabaron.me RSS Feed 

Audit a Rails Project with the Thoughtbot Audit Skill

Drifting Ruby Screencasts 

Claude Skills

RubySec 

GHSA-mjgf-xj26-9qf9 (pay): pay-rails/pay - non-constant-time HMAC comparison in Paddle Billing webhook signature verifier

Tejas' Blog 

Distributive Conditional Types in TypeScript

avdi.codes 

https://avdi.codes/163761-2/?utm_source=rss&utm_medium=rss&utm_campaign=163761-2

OmbuLabs Blog 

Error Logs Won’t Save You: Why LLM Applications Need Tracing

Ruby on Rails: Compress the complexity of modern web apps 

ProxyLogger, MIME deprecations, and more fixes

Ruby on Rails: Compress the complexity of modern web apps 

Final step in the Learn Rails tutorial series: Product Reviews

Remote Ruby 

Chris Is Back And Ready To Rant

Noteflakes 

Extralite 3.0.0 Released

Weelkly Article – Linking Ruby knowledge from the most remote places in the world. 

How to Safely and Efficiently Transform Payloads in Ruby and Ruby on Rails Workflows

Ruby Central 

An Anonymous Donation to Help More Rubyists Get to RubyConf 2026

Awesome Ruby Newsletter 

💎 Issue 528 - Rails: The Sharp Parts. A Polymorphic Type Is Not a Foreign Key

Ruby Weekly 

The tools RubyKaigi attendees are using

Rails Designer Blog 

Build a changelog widget (with Perron)

Weelkly Article – Linking Ruby knowledge from the most remote places in the world. 

Dependabot Resolves Remaining Bundler 4 Compatibility Issues

avdi.codes 

https://avdi.codes/162155-2/?utm_source=rss&utm_medium=rss&utm_campaign=162155-2

The Rails Tech Debt Blog 

Sidekiq & Rails Compatibility Table

The Rails Tech Debt Blog 

The Hidden Cost of Your Test Suite, and How to Fix It

Planet Argon Blog 

What Nobody's Telling You About AI Agents and Team Development

avdi.codes 

https://avdi.codes/162086-2/?utm_source=rss&utm_medium=rss&utm_campaign=162086-2

avdi.codes 

https://avdi.codes/162082-2/?utm_source=rss&utm_medium=rss&utm_campaign=162082-2

Evil Martians 

AI vs. human illustrators? AI + human illustrators!

Alchemists: Articles 

Server Sent Events

The Ruby on Rails Podcast 

Episode 541: Markus Schirp and Mutation Testing

Hanakai 

Hanami 3.0: In full bloom

Weelkly Article – Linking Ruby knowledge from the most remote places in the world. 

Design Patterns, the Ruby Way (Part 3): Behavioral Patterns in Real Ruby Applications

avdi.codes 

https://avdi.codes/161044-2/?utm_source=rss&utm_medium=rss&utm_campaign=161044-2

Evil Martians 

Most MCP servers don't need to exist. Your case might be an exception.

OmbuLabs Blog 

Behind the scenes of an AI-Driven Web Scraping System

The Bike Shed 

504: AI Ethics (with guests!)

Syed Aslam 

RailsRevelry Is a Map for Understanding Rails

Ruby News 

Ruby 3.4.10 Released

Gusto Engineering - Medium 

From Prompt to Classifier: A Production Case Study

ruby – Bibliographic Wilderness 

Getting started with Claude Code, on MacOS, with chruby and rspec

Weelkly Article – Linking Ruby knowledge from the most remote places in the world. 

Design Patterns, the Ruby Way (Part 2): Modern Creational and Structural Patterns

RubySec 

CVE-2026-49342 (yard): YARD static cache reads raw traversal paths before router sanitization

RubySec 

CVE-2026-44162 (fluent-plugin-s3): fluent-plugin-s3 Vulnerable to Denial of Service (DoS) via Decompression Bomb in `in_s3`

RubySec 

CVE-2026-44163 (fluent-plugin-opentelemetry): fluent-plugin-opentelemetry Has Denial of Service (DoS) via Large Payloads and Decompression Bombs in `in_opentelemetry`

RubySec 

GHSA-6jxj-px6v-747w (crass): Deeply nested CSS blocks and functions can trigger a SystemStackError or excessive memory usage

RubySec 

GHSA-6wmf-3r64-vcwv (crass): Large numeric exponents cause CPU and memory denial of service

RubySec 

GHSA-8vfg-2r28-hvhj (crass): Non-ASCII characters cause superlinear CPU consumption

RubySec 

GHSA-wwpr-jff3-395c (crass): A large number of adjacent CSS comments can trigger a SystemStackError

RubySec 

CVE-2026-44024 (fluentd): Fluentd is Vulnerable to Remote Code Execution (RCE) via Arbitrary File Write in `${tag}` Placeholder

RubySec 

CVE-2026-44025 (fluentd): Fluentd is Vulnerable to Exposure of Sensitive Information via Monitor Agent API

RubySec 

CVE-2026-44160 (fluentd): Fluentd is Vulnerable to Denial of Service (DoS) via Gzip Decompression Bomb in `in_http` and `in_forward`

RubySec 

CVE-2026-44161 (fluentd): Fluentd is Vulnerable to Server-Side Request Forgery (SSRF) via Placeholder Expansion in `out_http`

Ruby on Rails: Compress the complexity of modern web apps 

RFC 9110 Accept headers, dotenv fixes, and Ractor safety

Passenger - Phusion Blog 

Passenger 6.1.6

Rémi Mercier 

Square? Or freeform? (Ruby Stained Glass Notes #03)

DEV Community: Brandon Weaver 

Moving to baweaver.com

Benito Serna 

You can ask your coding agent for a selector to compare UI options

Awesome Ruby Newsletter 

💎 Issue 527 - RubyLLM: A single, beautiful Ruby framework for all major AI providers

Ruby Weekly 

A Rails blog app in a ~500KB binary

Rails Designer Blog 

Beam Up: CLI to deploy static sites

avdi.codes 

https://avdi.codes/158216-2/?utm_source=rss&utm_medium=rss&utm_campaign=158216-2

Once a Maintainer 

Once a Maintainer: Mike Dalessio

avdi.codes 

https://avdi.codes/158050-2/?utm_source=rss&utm_medium=rss&utm_campaign=158050-2

avdi.codes 

https://avdi.codes/157853-2/?utm_source=rss&utm_medium=rss&utm_campaign=157853-2

avdi.codes 

https://avdi.codes/157772-2/?utm_source=rss&utm_medium=rss&utm_campaign=157772-2

Ruby Central 

Announcing the RubyConf VIP Raffle

Ruby Central 

SmartFinancial Is Coming to RubyConf 2026 and They're Hiring!

avdi.codes 

https://avdi.codes/157638-2/?utm_source=rss&utm_medium=rss&utm_campaign=157638-2

The Rails Tech Debt Blog 

Painfully Simple Test Case Mistakes That Are Easy To Fix

Evil Martians 

Choose your fighter: benchmarking 5 WebSocket servers for Node.js

RubySec 

GHSA-g9g8-vgvw-g3vf (nokogiri): Possible invalid memory read when calling `Nokogiri::XML::Node#initialize_copy_with_args` with incorrect argument type

The Ruby on Rails Podcast 

Episode 540: Jeremy Smith and Blue Ridge Ruby

Carmine Paolino 

Founding a Company in Germany: €9,600, 152 Days, and I Still Can’t Send an Invoice

a-chacon 

Procman: An alternative for running Procfile apps

Weelkly Article – Linking Ruby knowledge from the most remote places in the world. 

How Ruby Itself Uses Dependabot: A Look Behind MRI’s Dependency Management

Benito Serna 

Make a method a recurring task with solid queue

RubyGems Blog 

4.0.15 Released

Planet Argon Blog 

Your Rails App Just Got Acquired. Now What?

OmbuLabs Blog 

How to Write a Claude Code Skill

avdi.codes 

Is Successful Agentic Coding a Delusion?

The Rails Tech Debt Blog 

JRuby & Rails Compatibility Table

The Bike Shed 

503: Seeing the Graph for the Trees

RubySec 

CVE-2026-54904 (concurrent-ruby): Concurrent Ruby - `AtomicReference#update` livelocks when the stored value is `Float::NAN`

RubySec 

CVE-2026-54905 (concurrent-ruby): Concurrent Ruby - `ReentrantReadWriteLock` read-count overflow grants a write lock without exclusivity

RubySec 

CVE-2026-54906 (concurrent-ruby): Concurrent Ruby - ReadWriteLock allows wrong-thread write release and stray read-release counter corruption

RubySec 

CVE-2026-54500 (oj): Oj - intern.c form_attr (uninitialized stack read)

RubySec 

CVE-2026-54502 (oj): Oj - Stack Buffer Overflow in Oj.dump via Large Indent

RubySec 

CVE-2026-54592 (oj): Oj - Stack Buffer Overflow in Oj::Doc#each_child via Deeply Nested Input

Aha! Engineering Blog 

I'm the agent for Claude now

avdi.codes 

https://avdi.codes/156725-2/?utm_source=rss&utm_medium=rss&utm_campaign=156725-2

Ruby on Rails: Compress the complexity of modern web apps 

Here are the Rails World 2026 speakers

RubySec 

CVE-2026-54297 (faraday): Faraday - Uncontrolled recursion in NestedParamsEncoder allows stack exhaustion DoS via deeply nested query parameters

RubySec 

GHSA-mqq5-j7w8-2hgh (alchemy_cms): AlchemyCMS - Unauthenticated nested page API leaks restricted and unpublished content

Weelkly Article – Linking Ruby knowledge from the most remote places in the world. 

Can Ruby Next Help You Upgrade an Application Gradually?

Left of the Dev 

New book: Testing Rails from Scratch

RubySec 

GHSA-5prr-v3j2-97mh (nokogiri): Nokogiri: Possible Out-of-Bounds Read in `Nokogiri::XML::NodeSet#[]`

RubySec 

GHSA-5v8h-3h3q-446p (nokogiri): Nokogiri: Possible Use-After-Free when `Nokogiri::XML::Document#encoding=` raises an exception

RubySec 

GHSA-8678-w3jw-xfc2 (nokogiri): Nokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2020-26247

RubySec 

GHSA-9cv2-cfxc-v4v2 (nokogiri): Nokogiri: Null Pointer Dereference calling methods on uninitialized wrapper classes

RubySec 

GHSA-p67v-3w7g-wjg7 (nokogiri): Nokogiri: Possible Use-After-Free when directly using `NokogirI::XML::XPathContext` beyond document lifetime

RubySec 

GHSA-phwj-rprq-35pp (nokogiri): Nokogiri: Possible Use-After-Free when setting an attribute value via `Nokogiri::XML::Attr#value=` or `#content=`

RubySec 

GHSA-wfpw-mmfh-qq69 (nokogiri): Nokogiri: Possible Use-After-Free in XInclude Processing

RubySec 

GHSA-wjv4-x9w8-wm3h (nokogiri): Nokogiri: Possible Use-After-Free when setting `Document#root=` to an invalid node type

avdi.codes 

https://avdi.codes/155720-2/?utm_source=rss&utm_medium=rss&utm_campaign=155720-2

RubySec 

CVE-2026-12515 (katello): katello - missing repository authorization in content_uploads exposes cross-product content existence

RubySec 

CVE-2026-55518 (avo): Avo - Missing Authorization in Avo Association Attach Endpoint Allows Unauthorized Relationship Manipulation and Privilege Escalation

Ruby on Rails: Compress the complexity of modern web apps 

This Week in Rails: June 19, 2026

Remote Ruby 

Navigating Subscription Overhauls and Payments

Noteflakes 

Rethinking modularity in Ruby applications

Tim Riley 

Continuations 2026/24: Clearing the decks

Weelkly Article – Linking Ruby knowledge from the most remote places in the world. 

Herb and ReActionView: A Glimpse Into the Future of Rails Views

Ryan Bigg Blog 

Comsol Customer Service

RubySec 

CVE-2026-54901 (oj): Oj- Use-After-Free in 'Oj::Parser' array_class/hash_class GC Marking

RubySec 

CVE-2026-54902 (oj): Oj - Use-After-Free in 'Oj::Parser' SAJ Long Key Callback

RubySec 

CVE-2026-54903 (oj): Oj - Integer Overflow in Oj.load 2GB String Handling