Hi,

We have 3 old websites left running on our servers with Rails version 1.2.3 (Ruby 1.8.5).
In light of the recent security vulnerabilities, does anyone know if it's possible to patch rails 1.2.3 against these? (e.g. the YAML / XML issue)

Unfortunately these sites are running customised cart systems, so an upgrade to rails 2.x/3.x looks to be out of the question for now.

Thanks

--
Posted via http://www.ruby-forum.com/.

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit https://groups.google.com/groups/opt_out.

On Sun, Feb 3, 2013 at 10:54 PM, Mike Usmar <lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote:
> Hi,
> We have 3 old websites left running on our servers with Rails version
> 1.2.3 (Ruby 1.8.5).
> In light of the recent security vulnerabilities, does anyone know if it's
> possible to patch rails 1.2.3 against these? (e.g. the YAML / XML issue)
>

You can try to apply the patch manually using patch(1) and resolve the conflicts yourself.

> Unfortunately these sites are running customised cart systems, so an
> upgrade to rails 2.x/3.x looks to be out of the question for now.
>

Upgrading to a still maintained version of rails is the best long term option.

Cheers,

--
Nicolas Desprès

On Sunday, 3 February 2013 16:54:38 UTC-5, Ruby-Forum.com User wrote:
>
> Hi,
> We have 3 old websites left running on our servers with Rails version
> 1.2.3 (Ruby 1.8.5).
> In light of the recent security vulnerabilities, does anyone know if it's
> possible to patch rails 1.2.3 against these? (e.g. the YAML / XML issue)
>
> Unfortunately these sites are running customised cart systems, so an
> upgrade to rails 2.x/3.x looks to be out of the question for now.
>
>

Unless I'm missing something, the XML parsing code in 1.2.3 doesn't appear to have the vulnerability, and the JSON-as-YAML parser (the source of the second security alert) didn't exist in that version.

--Matt Jons

--
To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/rULu3Y-0gs8J.