After reading this security bulletin:
http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?pli=1
I am a bit confused as to which patch I should apply. My application is
currently running on a frozen copy of Rails 2.2.2. Reading the bulletin
it appears that I should instead the 2-2-CVE-2009-3009.patch for the
“2.2 series” of Rails. However, the patch introduces a test case that
references files that do not exist the 2.2.2, specifically,
MultibyteTestHelpers. In fact, in my frozen copy of 2.2.2, there isn’t
even a test folder.
Did I apply the wrong patch? Is my frozen copy of 2.2.2 incomplete? Is
there a mistake in the patch for the 2.2 series? Any help would be much
appreciated.
Thanks in advance,
Jason