Upgrade to Ruby 3.2 to avoid ReDoS attacks
Did you know that in Ruby 3.1.3 and prior some regular expressions could take a long time to process?
Don't believe me? Try running this in a 3.1.3 irb console:
/^a*b?a*$/ =~ "a" * 50000 + "x"
Your irb session will stall for around 10 seconds before `=~` finally returns nil (no match). This catastrophic backtracking is the basis of ReDoS (Regular expression Denial of Service) attacks: an attacker who controls the input to a vulnerable regexp can tie up your process for as long as they like.
Thankfully, Ruby 3.2.0 has fixed this and the same regexp gets resolved in 0.003 seconds. Ruby 3.2 also added a `Regexp.timeout` global option (plus a per-regexp `timeout:` keyword on `Regexp.new`) that caps how long any match may run, raising `Regexp::TimeoutError` instead of letting a pathological input stall your app.
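Here is an added example (my own code, not from the original post) of how a defender would use both knobs: a process-wide default via `Regexp.timeout=` and a tighter per-regexp bound via `Regexp.new(..., timeout:)`, with the timeout turned into a rejected input rather than an unhandled exception. The `bounded_match` helper and its 0.05 second bound are my choices, not a Ruby API. The second pattern uses a backreference on purpose: Ruby 3.2's new memoization does not apply to regexps containing backreferences, lookarounds or atomic groups, so those still need the timeout to stay safe.

```ruby
# Added example, not code from the original post: bounding regexp matching
# time with the Regexp timeout support added in Ruby 3.2.

# Process-wide default: any regexp without its own timeout gives up after
# this many seconds. The setter only exists on Ruby 3.2+, so guard it.
Regexp.timeout = 1.0 if Regexp.respond_to?(:timeout=)

# Match INPUT against PATTERN (a String), bounding the match to
# TIMEOUT_SECONDS. Returns :match, :no_match or :timeout so callers can
# treat a runaway match as a rejected input instead of a stalled worker.
# (Helper name and default bound are this example's own choices.)
def bounded_match(pattern, input, timeout_seconds: 0.05)
  re = if Regexp.method_defined?(:timeout)   # per-regexp timeout needs Ruby 3.2+
         Regexp.new(pattern, timeout: timeout_seconds)
       else
         Regexp.new(pattern)                 # no bound available before 3.2
       end
  re.match?(input) ? :match : :no_match
rescue Regexp::TimeoutError
  :timeout
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs. A legitimate short input still matches normally.
  p bounded_match('^(a+)+\1$', 'aaaa')
  if Regexp.method_defined?(:timeout)
    # The pattern from the post: quadratic backtracking before 3.2, fast in 3.2.
    p bounded_match('^a*b?a*$', 'a' * 50_000 + 'x')
    # Backreference: memoization does not apply, so the exponential case is
    # cut off by the 0.05 s bound and reported as :timeout.
    p bounded_match('^(a+)+\1$', 'a' * 30 + 'x')
  end
end
```

In a web app the `:timeout` branch is where you would log the offending field and return a 4xx, so the bad input costs a few milliseconds rather than a worker.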