Yes, I saw that, thanks. Okay, here's what I did, please tell me if this will not work. :)
Added new file in radiant-0.9.1/config/initializers called rails.rb with this single line: ActionController::Base.param_parsers.delete(Mime::XML) Thanks for your help! :D On Wednesday, January 9, 2013 4:42:04 AM UTC-6, Jim Gay wrote: > > Kevin, > > See the rails security post here with details about getting around this > problem. > > https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion > > > > On Wed, Jan 9, 2013 at 5:25 AM, Kevin Triplett > <mopac...@gmail.com<javascript:>> > wrote: > > Hi Jim, > > > > What about us poor sods who are running 0.9 and unable to update > Radiant? :) > > > > Kevin > > > > > > On Wednesday, January 9, 2013 4:01:45 AM UTC-6, Jim Gay wrote: > >> > >> Radiant no longer keeps vendor/rails in the gem. It's loaded by the > >> Gemfile. > >> > >> I've just pushed Radiant 1.1.1 with a dependency on Rails 2.3.15 > >> > >> Thanks for reporting this! > >> > >> On Wed, Jan 9, 2013 at 4:28 AM, Toine Diepstraten > >> <toine.di...@googlemail.com> wrote: > >> > Hi, > >> > > >> > an important security update for Rails 2.3 was released, read more > about > >> > it > >> > here: > >> > > >> > > >> > > http://weblog.rubyonrails.org/2013/1/8/Rails-3-2-11-3-1-10-3-0-19-and-2-3-15-have-been-released/ > > >> > > >> > > >> > As I understand Radiant uses a vendor Rails 2.3.14 version. How can > one > >> > update Radiant to use the security fixed Rails 2.3.15 version? > >> > > >> > Thanks for any suggestions. > >> > > >> > Best, > >> > Toine > >> > > >> > >> > >> > >> -- > >> Write intention revealing code #=> http://www.clean-ruby.com > >> > >> Jim Gay > >> Saturn Flyer LLC > >> 571-403-0338 > > > > -- > Write intention revealing code #=> http://www.clean-ruby.com > > Jim Gay > Saturn Flyer LLC > 571-403-0338 >