CPU usage with 2-2-CVE-2009-3009.patch and 2.2.2

We have applied the XSS vulnerability patch to the Rails 2.2.2
codebase and built our own version of the 2.2.2 gems.

When we run with this patched 2.2.2, we are seeing high CPU usage
which seems to be a direct result of the additional UTF-8 checking.
Unfortunately it has increased CPU load so much that we are no longer
able to keep up with the requests coming in.

One idea we’ve had is to try to minimize the use of tag helpers in our
application, but that seems like a pretty drastic step to take
considering that before the patch we had plenty of headroom. The
increase in CPU load is high enough that it seems like there could be
room for optimization in this patch.

Has anyone else run into this issue? Does anyone know of a good way to
improve performance in this area?

Someone else had the same problem and posted a ticket to Lighthouse
with a workaround patch.

The patch completely fixes our problem.


On Sep 10, 3:15 pm, Grant H.

Applied. Another 2.3 point release is pending to fix Ruby 1.9


On Thu, Sep 10, 2009 at 4:11 PM, Grant H.