On Wed, 25 Oct 2006 19:51:58 -0400 "Ian C. Blenke" <[EMAIL PROTECTED]> wrote:
> Zed A. Shaw wrote:
>
> >There is a DoS for Ruby's cgi.rb that is easily exploitable. The attack
> >involves sending a malformed multipart MIME body in an HTTP request. The
> >full explanation of the attack as well as how to fix it RIGHT NOW is given
> >below.
>
> Using 0.3.13.5 + the revision 356 patch (not really sure how necessary
> that was), along with replacing cgi.rb, has solved most of our mongrel woes.
>

If you ever get desperate for a previous pre-release of Mongrel, you can just go here:

http://mongrel.rubyforge.org/releases/gems/

And find almost everything for all time.

BTW, how was 0.3.14 pre-release for you? I've got reports it somehow breaks X-Sendfile support.

--
Zed A. Shaw, MUDCRAP-CE Master Black Belt Sifu
http://www.zedshaw.com/
http://safari.oreilly.com/0321483502 -- The Mongrel Book
http://mongrel.rubyforge.org/
http://www.lingr.com/room/3yXhqKbfPy8 -- Come get help.
_______________________________________________
Mongrel-users mailing list
[email protected]
http://rubyforge.org/mailman/listinfo/mongrel-users
