Ruby on Rails
Monday, February 4, 2013
On Sunday, 3 February 2013 16:54:38 UTC-5, Ruby-Forum.com User wrote:
> Hi,
> We have 3 old websites left running on our servers with Rails version
> 1.2.3 (Ruby 1.8.5).
> In light of the recent security vulnerabilities, does anyone know if it's
> possible to patch rails 1.2.3 against these? (e.g. the YAML / XML issue)
> Unfortunately these sites are running customised cart systems, so an
> upgrade to rails 2.x/3.x looks to be out of the question for now.
Unless I'm missing something, the XML parsing code in 1.2.3 doesn't appear to have the vulnerability, and the JSON-as-YAML parser (the source of the second security alert) didn't exist in that version.
--Matt Jons