[ruby-talk:444711] [ANN] cel 0.5.0 released
cel 0.5.0 has been released.

cel is a pure Ruby implementation of Google Common Expression Language, https://opensource.google/projects/cel.

The Common Expression Language (CEL) implements common semantics for expression evaluation, enabling different applications to more easily interoperate.

```ruby
require "cel"

# set the environment
env = Cel::Environment.new(name: :string, group: :string)

# parse
ast = env.compile('name.startsWith("/groups/" + group)')
# check
prg = env.program(ast)
# evaluate
prg.evaluate(name: Cel::String.new("/groups/acme.co/documents/secret-stuff"),
  group: Cel::String.new("acme.co")) #=> true

# or do it all in one go
env.evaluate('name.startsWith("/groups/" + group)',
  name: Cel::String.new("/groups/acme.co/documents/secret-stuff"),
  group: Cel::String.new("acme.co")
)
```

Here are the updates since the last release:

## [0.5.0] - 2025-12-11

### Features

#### Custom extensions

A new `:extensions` kwarg is added to `Cel::Environment.new`, which allows adding custom extensions in the same manner as the standard extensions (like `math` or `string`):

```ruby
module Ext
  # defines a random function which takes no arguments and returns 42
end

Cel::Environment.new.evaluate("ext.random()") #=> raises error
Cel::Environment.new(extensions: { ext: Ext }).evaluate("ext.random()") #=> 42
```

### Backwards Compatibility

The ractor safety introduced in 0.4.1 has been relaxed in order to allow extensions of core classes by custom extensions, and you'll need to explicitly call `Cel.freeze` before using `cel` inside ractors. This is a direct consequence of how extensions patch `cel` core classes.

ATTENTION: Changes may be introduced in the way core classes are patched by extensions, towards making `cel` ractor-safe by default. If you rely on custom extensions, do follow the migration instructions in subsequent releases.

### Bugfixes

Fixed checker type inference when using nested expressions (like when using the `bind` extension to evaluate cel sub-expressions).

## [0.4.1] - 2025-11-25

### Improvements

* Literal class can now mark which methods are CEL directives, the remainder being lib private helpers.
* `cel` is now ractor compatible.
* Documentation on how to support abstract types has been added.

### Security

A remote execution attack vector has been fixed, which allowed executing arbitrary Ruby code within a CEL expression when calling functions on a variable declared as a CEL map.

Example:

```ruby
env = Cel::Environment.new(declarations: { webhook: :map })
env.evaluate("webhook.payload.send('eval', 'File.write(\"test.txt\", \"Hello, world!\")')", webhook: { payload: {} })
```
Tiago Cardoso
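
The class of bug behind the 0.4.1 security fix, shown as an added example that is not part of the original announcement and is not the cel gem's code: an evaluator that forwards an expression's function name straight to Ruby dispatch, beside one that resolves it against an explicit list of directives first. `CelMap`, `DIRECTIVES` and `NoSuchFunction` are hypothetical names, and the probe uses the harmless `class` method rather than `eval`.

```ruby
# Constructed illustration: CelMap, DIRECTIVES and NoSuchFunction are
# hypothetical names, not the cel gem's internals.
class NoSuchFunction < StandardError; end

class CelMap
  # The only names an expression is allowed to call on a map value.
  DIRECTIVES = %i[size contains].freeze

  def initialize(hash)
    @hash = hash
  end

  def size
    @hash.size
  end

  def contains(key)
    @hash.key?(key)
  end

  # Vulnerable pattern: the function name from the expression goes straight
  # to Ruby dispatch, so every public Object/Kernel method is reachable.
  def unsafe_call(name, args)
    public_send(name, *args)
  end

  # Hardened pattern: match the name against the declared directives and
  # dispatch only on the symbol taken from that list, never on the input.
  def safe_call(name, args)
    directive = DIRECTIVES.find { |d| d.to_s == name }
    raise NoSuchFunction, "undeclared function: #{name}" unless directive

    public_send(directive, *args)
  end
end

# Constructed sample input, shaped like the `webhook` map in the announcement.
webhook = CelMap.new("payload" => {})
p webhook.safe_call("contains", ["payload"])   # declared directive
p webhook.unsafe_call("send", ["class"])       # host method reached via send
begin
  webhook.safe_call("send", ["class"])
rescue NoSuchFunction => e
  p e.message                                  # rejected before dispatch
end
```

A regression test for an expression evaluator can assert the same property: any function name outside the declared set must raise before Ruby dispatch happens.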