Hi,
We have 3 old websites left running on our servers with Rails version
1.2.3 (Ruby 1.8.5).
In light of the recent security vulnerabilities, does anyone know if its
possible to patch rails 1.2.3 against these? (e.g. the YAML / XML issue)
Unfortunately these sites are running customised cart systems, so an
upgrade to rails 2.x/3.x looks like to be out of the question for now.
Thanks
On Sun, Feb 3, 2013 at 10:54 PM, Mike U. [email protected]
wrote:
Hi,
We have 3 old websites left running on our servers with Rails version
1.2.3 (Ruby 1.8.5).
In light of the recent security vulnerabilities, does anyone know if its
possible to patch rails 1.2.3 against these? (e.g. the YAML / XML issue)
You can try to apply the patch manually using patch(1) and resolve the
conflicts yourself.
Unfortunately these sites are running customised cart systems, so an
upgrade to rails 2.x/3.x looks like to be out of the question for now.
Upgrading to a sill maintained version of rails is the best long term
option.
Cheers,
–
Nicolas D.
On Sunday, 3 February 2013 16:54:38 UTC-5, Ruby-Forum.com User wrote:
Unless I’m missing something, the XML parsing code in 1.2.3 doesn’t
appear
to have the vulnerability, and the JSON-as-YAML parser (the source of
the
second security alert) didn’t exist in that version.
–Matt Jons
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
Sponsor our Newsletter | Privacy Policy | Terms of Service | Remote Ruby Jobs