Question on the XSS Security Patch

After reading this security bulletin:

http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?pli=1

I am a bit confused as to which patch I should apply. My application is
currently running on a frozen copy of Rails 2.2.2. Reading the bulletin
it appears that I should instead the 2-2-CVE-2009-3009.patch for the
“2.2 series” of Rails. However, the patch introduces a test case that
references files that do not exist the 2.2.2, specifically,
MultibyteTestHelpers. In fact, in my frozen copy of 2.2.2, there isn’t
even a test folder.

Did I apply the wrong patch? Is my frozen copy of 2.2.2 incomplete? Is
there a mistake in the patch for the 2.2 series? Any help would be much
appreciated.

Thanks in advance,
Jason

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs