Improving callable service objects with private constructors in Ruby
· 6 min read
Max Mulatz
Whitespace wrestler on a functional fieldtripPrivatizing the constructor methods of callable services in Ruby on Rails for cleaner APIs and tests.
3 posts tagged with "ruby on rails"
View All TagsA Caching Journey
· 6 min read
Max Mulatz
Whitespace wrestler on a functional fieldtripHow to take back control over caching with Rails' Active Storage and Amazon S3.
Arbitrary Code Execution Vulnerability in Simple Form CVE-2019-16676
· 6 min read
Philipp Tessenow
Tech-nerd & Intranet-gangsterSummary
On 2019-08-02 we at bitcrowd discovered a security vulnerability in simple_form. simple_form is one of the go-to ways to easily handle HTML forms in Ruby on Rails. The security issue allows arbitrary code execution in the worst case, but at least has potential for data corruption or DOS attacks. This security issue was responsibly disclosed by bitcrowd. Find details about the timeline of the events and a more detailed description below.