On Mon, Jun 23, 2008 at 3:59 PM, David Shettler <[EMAIL PROTECTED]> wrote:
> Hey all, patched ruby on my development and production environments
> to 1.8.6-p230 to address these new ruby vulnerabilities:
>
> http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/
>

I still think those are not vulnerabilities but bugs, anyway...

> mongrel began segfaulting after restarting.
>
> Then tried ruby 1.8.7-p22 and upgrading to rails 2.1.0 (from rails
> 2.0.2), same issue. Had to revert back to the vulnerable GA 1.8.6.
>

1.8.7 is not a good thing to try, for your own health, stay away from it, even more for production.

1.8.6-p111 seems stable to me, even with those "vulnerabilities" around it.

> Running centos 4, mongrel 1.1.5 (tried 1.1.3, 1.1.4 as well, all same
> results).
>
> Any further info I can provide, I'd be glad to.
>

I suggest you read this post from Ruby On Rails weblog:

http://weblog.rubyonrails.com/2008/6/21/multiple-ruby-security-vulnerabilities

More important: read the comments, they are more valuable than the blog post itself.

Regards,
--
Luis Lavena
AREA 17
-
Human beings, who are almost unique in having the ability to learn from the experience of others, are also remarkable for their apparent disinclination to do so.
Douglas Adams