JRuby Released

Wednesday, March 25 2020

The JRuby community is pleased to announce the release of JRuby

JRuby 9.2.x is compatible with Ruby 2.5.x and stays in sync with C Ruby. As always, there is a mix of miscellaneous fixes, so be sure to read the issue list below. All users are encouraged to upgrade.

As we are actively working on we decided to put out a mini release which fixes a single issue.

  • sprintf substring string formatting with precision may expose characters (#6137)

If you format a string using a precision specifier (e.g. %.1s) AND you pass in a substring of a larger string, you may see some of the larger string’s characters in the formatted result. This is due to a bug in the handling of internal String data that causes the result to contain more characters than requested.

long_string = "aabbccddhelloddccbbaa"
start_index = 8
sub_str_length = 5
precision = 3
sub_string = long_string[start_index, sub_str_length]
puts sprintf("%.#{precision}s", sub_string)
# => helloddccbb on an affected release (a correct runtime prints "hel")

This bug could potentially expose sensitive content from the original String. It is unlikely to affect most users, but you are still encouraged to upgrade.
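
The output shown above is 11 characters long, which equals the substring's begin offset plus the precision (8 + 3), consistent with an end position being used as a length. The following added example (not JRuby's code and not part of the announcement) models that in Ruby and includes a self-check you can run on your own interpreter. `Slice`, `format_fixed`, `format_buggy_model` and `sprintf_precision_leaks` are hypothetical names, and the buggy model is an inference from the page's output and the title of #6138.

```ruby
# Added example: model of the shared-buffer slice bug plus a runtime self-check.
# Slice is a hypothetical stand-in for a substring that shares its parent's bytes.
Slice = Struct.new(:buffer, :start, :length)

# Correct behaviour: the precision caps the slice's own length.
def format_fixed(slice, precision)
  slice.buffer[slice.start, [precision, slice.length].min]
end

# Modelled defect (an assumption inferred from the page's output): the end
# position start + precision is used as a length, so the begin offset is never
# subtracted and bytes past the slice are copied from the parent buffer.
def format_buggy_model(slice, precision)
  slice.buffer[slice.start, slice.start + precision]
end

# Self-check for the running interpreter: returns every case where
# sprintf("%.Ns") on a substring differs from a plain truncation.
def sprintf_precision_leaks(parent)
  leaks = []
  (0...parent.length).each do |start|
    (1..parent.length - start).each do |len|
      sub = parent[start, len]
      (0..len).each do |precision|
        got = sprintf("%.#{precision}s", sub)
        leaks << [start, len, precision, got] unless got == sub[0, precision]
      end
    end
  end
  leaks
end

if __FILE__ == $PROGRAM_NAME
  parent = "aabbccddhelloddccbbaa" # string from the announcement
  slice = Slice.new(parent, 8, 5)
  puts "fixed model: #{format_fixed(slice, 3)}"
  puts "buggy model: #{format_buggy_model(slice, 3)}"
  leaks = sprintf_precision_leaks(parent)
  puts leaks.empty? ? "runtime OK" : "runtime leaks in #{leaks.size} cases"
end
```

A non-empty result from `sprintf_precision_leaks` means the running interpreter returns characters from outside the substring and should be upgraded.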

GitHub Issues resolved for

  • #6138 - Subtract begin offset for partial substring in sprintf 's'
  • #6137 - `sprintf` adds extra buffer slots when precision arg truncates string slices