We have applied the XSS vulnerability patch to the Rails 2.2.2 codebase and built our own version of the 2.2.2 gems. When we run with this patched 2.2.2, we are seeing high CPU usage which seems to be a direct result of the additional UTF-8 checking. Unfortunately it has increased CPU load so much that we are no longer able to keep up with the requests coming in. One idea we''ve had is to try to minimize the use of tag helpers in our application, but that seems like a pretty drastic step to take considering that before the patch we had plenty of headroom. The increase in CPU load is high enough that it seems like there could be room for optimization in this patch. Has anyone else run into this issue? Does anyone know of a good way to improve performance in this area?
Someone else had the same problem and posted a ticket to Lighthouse with a workaround patch. The patch completely fixes our problem. https://rails.lighthouseapp.com/projects/8994/tickets/3181-patch-activesupportmultibyteclean-is-very-slow On Sep 10, 3:15 pm, Grant Hutchins <goo...-+t7YEsJE2jvOF0IEen2rekM9+F4ksjoh@public.gmane.org> wrote:> We have applied the XSS vulnerability patch to the Rails 2.2.2 > codebase and built our own version of the 2.2.2 gems. > > When we run with this patched 2.2.2, we are seeing high CPU usage > which seems to be a direct result of the additional UTF-8 checking. > Unfortunately it has increased CPU load so much that we are no longer > able to keep up with the requests coming in. > > One idea we''ve had is to try to minimize the use of tag helpers in our > application, but that seems like a pretty drastic step to take > considering that before the patch we had plenty of headroom. The > increase in CPU load is high enough that it seems like there could be > room for optimization in this patch. > > Has anyone else run into this issue? Does anyone know of a good way to > improve performance in this area?
Applied. Another 2.3 point release is pending to fix Ruby 1.9 compatibility. Best, jeremy On Thu, Sep 10, 2009 at 4:11 PM, Grant Hutchins <google-+t7YEsJE2jvOF0IEen2rekM9+F4ksjoh@public.gmane.org> wrote:> > Someone else had the same problem and posted a ticket to Lighthouse > with a workaround patch. > > The patch completely fixes our problem. > > https://rails.lighthouseapp.com/projects/8994/tickets/3181-patch-activesupportmultibyteclean-is-very-slow > > On Sep 10, 3:15 pm, Grant Hutchins <goo...-+t7YEsJE2jvOF0IEen2rekM9+F4ksjoh@public.gmane.org> > wrote: >> We have applied the XSS vulnerability patch to the Rails 2.2.2 >> codebase and built our own version of the 2.2.2 gems. >> >> When we run with this patched 2.2.2, we are seeing high CPU usage >> which seems to be a direct result of the additional UTF-8 checking. >> Unfortunately it has increased CPU load so much that we are no longer >> able to keep up with the requests coming in. >> >> One idea we''ve had is to try to minimize the use of tag helpers in our >> application, but that seems like a pretty drastic step to take >> considering that before the patch we had plenty of headroom. The >> increase in CPU load is high enough that it seems like there could be >> room for optimization in this patch. >> >> Has anyone else run into this issue? Does anyone know of a good way to >> improve performance in this area? > > >