This is one way. However, we don't vendor Rails. We keep it as a gem, managed by our server management platform.
I could build my own gem, but this then means what is effectively an unnecessary addition to the platform than just changing the required version. It would make sense to me that if a version is announced, that there is an easy way to get that version. On Sep 23, 3:57 pm, Nick Quaranto <[email protected]> wrote: > Perhaps the easiest way to get around this is to just update to 2-2-stable. > If your version of Rails is vendored, you could follow these instructions to > freeze it to 2-2-stable (obviously replace 2-3-stable with > 2-2-stable):http://help.hoptoadapp.com/faqs/troubleshooting-2/upgrading-to-the-la... > > -Nick > > On Wed, Sep 23, 2009 at 10:11 AM, Tom Simnett > <[email protected]<tom%[email protected]> > > > wrote: > > > Hi, > > > I've been asking around in IRC and looking around. It appears that > > while > >http://weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on-r... > > specifically mentions 2.2.3, there isn't a tag for it, and nor is it > > available as a gem. This means that for those of us using gems on our > > production platforms, we're unable to upgrade. > > > Any ideas when or if this is going to be sorted? > > > Cheers, > > > Tom --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en -~----------~----~----~----~------~----~------~--~---
