Ruby 3.2.0 Preview 1 has been released. This release adds many new features, as well as optimized performance.
WASI-based WebAssembly support
This is an initial port of WASI-based WebAssembly support. This feature enables CRuby binaries to be used on web browsers, Serverless Edge environments, and other WebAssembly/WASI embedders. Currently, this port passes the tests of the basic and bootstrap test suites without using the Thread API.
Regular expression timeout exit mechanism
This release introduces a regular expression timeout exit mechanism.
Regexp.timeout = 1.0
/^a*b?a*$/ =~ "a" * 50000 + "x"
#=> Regexp::TimeoutError is raised in one second
Since regular expression matching can take a lot of time, attackers may use it to perform DoS attacks (regular expression DoS, or ReDoS) when code tries to match an inefficient regular expression to untrusted input. .
Regexp.timeout
Configured according to the requirements of the Ruby application, the risk of DoS can be prevented or significantly reduced. Please note that it Regexp.timeout
is a global configuration item. If you want to use different timeout settings for some special regular expressions, you need to use timeout
keywords Regexp.new
.
Regexp.timeout = 1.0
# This regexp has no timeout
long_time_re = Regexp.new("^a*b?a*$", timeout: nil)
long_time_re =~ "a" * 50000 + "x" # never interrupted
Original proposal for this feature: https://bugs.ruby-lang.org/issues/17837
Other updates include optimizing performance, updating the standard library, etc. For details, see the release announcement .