[ruby-talk:444711] [ANN] cel 0.5.0 released

Tiago Cardoso via ruby-talk

Dec 11, 2025, 6:39:11 AM
to Ruby users, Tiago Cardoso
cel 0.5.0 has been released.

cel is a pure Ruby implementation of Google Common Expression Language, https://opensource.google/projects/cel.

The Common Expression Language (CEL) implements common semantics for expression evaluation, enabling different applications to more easily interoperate.

```ruby
require "cel"

# set the environment
env = Cel::Environment.new(name: :string, group: :string)

# parse
ast = env.compile('name.startsWith("/groups/" + group)')
# check
prg = env.program(ast)
# evaluate
prg.evaluate(name: Cel::String.new("/groups/acme.co/documents/secret-stuff"),
    group: Cel::String.new("acme.co")) #=> true

# or do it all in one go
env.evaluate('name.startsWith("/groups/" + group)',
  name: Cel::String.new("/groups/acme.co/documents/secret-stuff"),
  group: Cel::String.new("acme.co")
)
```

Here are the updates since the last release:

## [0.5.0] - 2025-12-11

 ### Features

 #### Custom extensions

 A new `:extensions` kwarg has been added to `Cel::Environment.new`, which allows adding custom extensions in the same way the standard extensions (like `math` or `string`) are defined:

 ```ruby
 module Ext
   # defines a random function which takes no arguments and returns 42
 end

 Cel::Environment.new.evaluate("ext.random()") #=> raises error
 Cel::Environment.new(extensions: { ext: Ext }).evaluate("ext.random()") #=> 42
 ```

 ### Backwards Compatibility

 The ractor safety introduced in 0.4.1 has been relaxed in order to allow extensions of core classes by custom extensions, and you'll need to explicitly call `Cel.freeze` before using `cel` inside ractors. This is a direct consequence of how extensions patch `cel` core classes.

 ATTENTION: Changes may be introduced in the way core classes are patched by extensions, towards making `cel` ractor-safe by default. If you rely on custom extensions, do follow the migration instructions in subsequent releases.

 ### Bugfixes

 Fixed checker type inference when using nested expressions (like when using the `bind` extensions to evaluate cel sub-expressions).

 ## [0.4.1] - 2025-11-25

 ### Improvements

 * Literal class can now mark which methods are CEL directives, the remainder being lib private helpers.
 * `cel` is now ractor compatible.
 * Documentation on how to support abstract types has been added.

 ### Security

 A remote execution attack vector has been fixed, which allowed executing arbitrary Ruby code within a CEL expression when calling functions on a variable declared as a CEL map. Example:

```ruby
 env = Cel::Environment.new(declarations: { webhook: :map })
 env.evaluate("webhook.payload.send('eval', 'File.write(\"test.txt\", \"Hello, world!\")')", webhook: { payload: {} })
 ```
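
The bug class behind the 0.4.1 security entry, next to an allowlist in the spirit of the "methods marked as CEL directives" improvement, as an added example that is not cel's own code. `MapValue`, `directive`, `call_unsafe`, `call_safe` and `secret_helper` are hypothetical names, the probe calls a harmless private helper in place of `eval`, and whether cel's fix works this way is an assumption.

```ruby
# Added illustration, not cel's source. All names here are hypothetical.
class UnknownFunction < StandardError; end

class MapValue
  def self.directives
    @directives ||= []
  end

  # Marks the methods an expression may call; everything else is host-only.
  def self.directive(*names)
    directives.concat(names.map(&:to_s))
  end

  def initialize(hash)
    @hash = hash
  end

  def size
    @hash.size
  end

  def contains(key)
    @hash.key?(key)
  end
  directive :size, :contains

  # Vulnerable pattern: the function name from the expression goes straight
  # into Ruby dispatch. public_send is not a defence, because Object#send is
  # itself public and forwards to private methods such as Kernel#eval.
  def call_unsafe(name, *args)
    public_send(name, *args)
  end

  # Hardened pattern: only names registered as directives are dispatched.
  def call_safe(name, *args)
    raise UnknownFunction, name.to_s unless self.class.directives.include?(name.to_s)

    public_send(name, *args)
  end

  private

  def secret_helper
    :host_only
  end
end

# Constructed probe: reaches a private helper through "send", the same path
# the advisory's expression uses to reach eval.
def probe(map, dispatcher)
  map.public_send(dispatcher, "send", "secret_helper")
rescue UnknownFunction
  :rejected
end
```

A regression test for an evaluator of this kind should assert that `send`, `public_send`, `instance_eval` and similar reflective names are rejected for every value type an expression can hold, not only maps.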

