JRuby Dev Team

Today we were informed of a low-severity vulnerability in the bcrypt-ruby gem. We worked with the maintainers to arrange a fix. Upgrading is recommended. CVE-2026-33306: Integer Overflow Causes Zero Key-Strengthening Iterations at Cost=31 on JRuby github.com/bcrypt-ruby/bc…

JRuby 10.0.4.0 is released! A month after 10.0.3.0, we've addressed lots of one-off issues, a few memory and thread-safety fixes, and general compatibility and stabilization work. Enjoy! jruby.org/2026/03/04/jru…

JRuby 10.0.3.0 is released! Over 80 issues and pull requests and 13 external contributors combined to help further stabilize our 10.0 series! There's lots of compatibility fixes, a few performance enhancements, and a number of library updates. jruby.org/2026/02/02/jru…

New post: Warbled Sidekiq: Zero-install Executable for JVM Previously, I showed how to use Warbler to package a simple tool as an executable jar. This post will demonstrate how to “warble” a larger project: the Sidekiq background job server! buff.ly/ZEasNiu

New post: "Packaging Ruby Apps with Warbler: Executable JAR Files" Warbler is the JRuby ecosystem’s tool for packaging up Ruby apps with all dependencies in a single deployable file. Let’s use Warbler to create all-in-one packaged Ruby apps! buff.ly/ZdXcCop

Warbler 2.1.0 has been released! Warbler allows you to package JRuby applications (with obfuscation of code) as a single binary, either a .jar file you can run directly or a .war file you can deploy to any Java application server. Blog post coming! rubygems.org/gems/warbler/v…

We have published Docker images for JRuby 9.4 and JRuby 10 on JDK 25! The -dev images are also updated to latest commits. Give them a try and let us know if there's any issues!

At the end of my post on JRuby and JDK 25 startup time features, I teased a bit of the unreleased improvements from Project Leyden. It turns out the latest commits improve startup time even more, so it seems worth posting a quick follow-up! reddit.com/r/ruby/comment…

New post: JRuby and JDK 25: Startup Time with AOTCache Let's take a look at JRuby's startup time journey, all the way up to using JDK 25's AOTCache and Project Leyden features coming to a JDK near you soon. blog.headius.com/2025/09/jruby-…

JRuby 9.4.14.0 is released! We've updated a bunch of the standard library (including "cgi" to fix a couple of CVEs), fixed a few memory leaks and a bunch of compatibility issues, and generally stabilized things. Upgrading is recommended! jruby.org/2025/08/28/jru…

JRuby 10.0.2.0 is released! This is a small release to fix an ArgumentError regression in JRuby 10.0.1.0 plus a few other small fixes. Recommended upgrade for all, but let us know if you run into any issues! jruby.org/2025/08/07/jru…

We have just released JRuby 10.0.1.0, our first update to JRuby 10! There's dozens of patches including full support (finally) for Zeitwerk and a bunch of Ruby 3.4 language fixes. Upgrade today and let us know how it goes! jruby.org/2025/07/17/jru…

We have released jruby-maven-plugins 3.0.6, updating JRuby to 9.4.13.0 along with several other improvements. But more exciting: Warbler is BACK! We've updated it for latest JRuby and dependencies and it's running green in CI. Time for feature requests! #issuecomment-3002560812" target="_blank" rel="nofollow noopener">github.com/jruby/warbler/…

FYI: now that Ubuntu 20.04 is EOL, future releases of the JRuby Docker image will be based on Ubuntu 22.04. This will take effect with releases 9.4.14.0 and 10.0.1.0, whenever they happen. See github.com/docker-library…

JRuby 9.4.13.0 is released! We have fixed several user issues, including a slow leak in Java interface implementation, a possible deadlock between JIT and main threads, and backported launcher improvements from JRuby 10! jruby.org/2025/06/10/jru…

@nanovms @headius Thank you!

this week on the unikernel application spotlight we check out @jruby youtube.com/watch?v=72wlDv… real threads && jvm interop - congrats on 10.x release and 24 yrs! @headius

That's right... JRuby is the only Ruby with a fully-portable, all-in-one distribution that works with Bazel's secure, closed-world builds. You want secure, stable, scalable Ruby, you use JRuby! Thanks for the chat at @rubykaigi!

One of my benchmarks for learning German is being able to construct Alle Kinder jokes, about whatever topic I happen to be thinking about. Still usually uncertain if I have the exact right words. Alle Kinder verwenden @jruby, außer Bill, der keine Leistung will.

Security advisory: We have released jruby-openssl gem 0.15.4, jruby 10.0.0.1, and jruby 9.4.12.1 to address CVE-2025-46551, disabled hostname verification by default. We recommend that all users upgrade! cve.org/CVERecord?id=C… jruby.org/2025/05/07/jru… jruby.org/2025/05/07/jru…