All versions of MRI Ruby that claim to fix the vulnerabilities either fail with segmentation faults or change the API in ways that make it impossible to run vital libraries such as Rails 2.0.x and RSpec. These broken versions include: 1.8.5p231, 1.8.6p230, 1.8.7p22, and 1.9.0-2.

Unfortunately, the source code describing some of the proposed fixes has been publicly available now for four days for crackers to write their attacks, so we're in a race with the bad guys to deliver a solution.

Is anyone working on fixing these bugs? If not, can we rally the community to get a bounty and/or code sprint going?

Is there a way to convince the Ruby maintainers to run new code against the publicly available test suites provided by RubySpec, Rails and RSpec before they ship a new version to avoid these problems in the future?

Is there anything else that those of us who lack the necessary C expertise to fix these problems can do to help with this effort?

Thank you.

-igal

--
Posted via http://www.ruby-forum.com/.