Hopefully that gets everyone's attention. Evan Weaver has whined enough to make me do a release to change the requirements on the Mongrel gem so that it doesn't need the cgi_multipart_eof_fix anymore.
*************************** THIS ALSO MEANS THAT MONGREL WILL HAVE TO REQUIRE RUBY 1.8.6 OR GREATER! NO EXCEPTIONS! *************************** I know Debian guys like to hack things up so that they can keep their users happy, but I have no idea what anyone else is doing. In one week I'll release a maintenance version of mongrel that will NOT require cgi_multipart_eof_fix AND __WILL__ require Ruby 1.8.6. People who have problems with this better step up and help with testing or coming up with an alternative solution. As it stands now, either Evan gets to ridicule me for having the fix required in an attempt to protect everyone, or I force everyone to upgrade, or I leave everyone hanging and their applications are all vulnerable. I'm kind of stuck. == What Needs To Happen 1) Look at the version number of your Ruby and whether your OS includes the fix already for older versions. Report this to me if your OS is retarded and is using an vulnerable Ruby. 2) Tell me if doing the upgrade will make your entire world implode. If this means you'll have to actually do an upgrade for once then I guess you better get ready to spend the weekend working. 3) If it looks like way too many people are impacted by requiring 1.8.6 then I'll need another solution. Thanks for your help folks. -- Zed A. Shaw - Hate: http://savingtheinternetwithhate.com/ - Good: http://www.zedshaw.com/ - Evil: http://yearofevil.com/ _______________________________________________ Mongrel-users mailing list Mongrel-users@rubyforge.org http://rubyforge.org/mailman/listinfo/mongrel-users
