1

Newest release of Spiceworks uses Ruby v1.93.194 while the latest version including one or more security fixes is 1.9.3.448. Should I be worried?

3 Spice ups
2

If you are on 6.2 I wouldn’t be too concerned at the moment, Spiceworks 7 RC1 is out and a final release is on the horizon. I would expect that the new version will be fully updated.

1 Spice up
3

Yes thanks. I’m on the latest Spiceworks (6.2.00919). Many thanks for your speedy reply, and your advice!

4

In the meantime, feel free to reach out to support@spiceworks.com, or PM Aaron@Spiceworks. Should be able to get a more precise answer on that.

5

It takes time for Developers to load the Ruby version, QA it, and build on it. Typical adoption lifestyle for software of a dev team to use. That is not far behind at all, its not like the app is on 1.00.

I have to give the dev team props for keeping it up to very close.

3 Spice ups
6

I don’t know that anyone can answer if you should worry or not- I would think that would be solved by checking the change logs for ruby directly, as well as various security sites for vulnerabilities, such as (and most certainly not limted to)

http://web.nvd.nist.gov/view/vuln/search-results?query=ruby&search_type=all&cves=on

http://search.cert.org/search?q=ruby&btnG.x=0&btnG.y=0&entqr=0&ud=1&sort=date%3AD%3AL%3Ad1&output=xml_no_dtd&oe=UTF-8&ie=UTF-8&client=default_frontend&proxystylesheet=default_frontend&site=default_collection

1 Spice up
7

Many thanks guys. I completely understand the dev cycle. If you guys use Secunia’s tools, you may have noticed that it flags this. As has been said above, I will await the next update. Thanks again.