I've made a preliminary fix available in the 1.1 release branch (more details on the Collabo site, please check there).
Note that this doesn't represent a final patch; I want to understand a bit more about *why* Rails was patched in the way it was before I commit to one particular workaround. Problems to Ticket #196, please. Ever onwards, James On 8/10/06, Dewet Diener <[EMAIL PROTECTED]> wrote: > Dewet Diener wrote: > > We're rolling back to 1.1.4 for the moment > > Hmm, maybe not the best idea; one of the comments on DHH's > announcement: > > "Joel on 10 Aug 05:48: > > "I figured out how to fix Engines, but explaining it would give away the > exploit. It is very, very severe. If you use Engines you might want to > drop back to 1.1.3 which evidently is unaffected." > > I see DHH also just posted that 1.1.3 is unaffected, which means Engines > should start working again. I haven't checked; I'm still waiting for > the gems to install. > > d > > -- > Posted via http://www.ruby-forum.com/. > _______________________________________________ > engine-users mailing list > [email protected] > http://lists.rails-engines.org/listinfo.cgi/engine-users-rails-engines.org > -- * J * ~ _______________________________________________ engine-users mailing list [email protected] http://lists.rails-engines.org/listinfo.cgi/engine-users-rails-engines.org
