This post originated from an RSS feed registered with Ruby Buzz
by Eric Hodel.
Original Post: Upgrade to Rails 1.1.3 Now
Feed Title: Segment7
Feed URL: http://blog.segment7.net/articles.rss
Feed Description: Posts about and around Ruby, MetaRuby, ruby2c, ZenTest and work at The Robot Co-op.
We’ve found and fixed a security issue with routing that could cause excess CPU usage in Rails processes when triggered by certain URLs. We strongly encourage anyone running 1.1.x to upgrade to the latest version. It’s fully backwards compatible and should serve as a small drop-in fix.
While certain URLs cause excess CPU usage, other URLs cause Rails to shut down uncleanly or halt (depending on the deployment environment). You need to upgrade. (It appears that Rails 1.0 is not vulnerable to this DoS, but I haven’t tested.)
While you’re upgrading, check your dispatch.fcgi; it should look like the current dispatch.fcgi. If it doesn’t, you need to upgrade it. There are other DoS issues in older versions of dispatch.fcgi.