similar to: [SECURITY] DOS In cgi.rb Announced, Upgrade Your Ruby

Displaying 20 results from an estimated 1100 matches similar to: "[SECURITY] DOS In cgi.rb Announced, Upgrade Your Ruby"

2006 Oct 25
14
[SEC] Mongrel Temporary Fix For cgi.rb 99% CPU DoS Attack
This is important so please read this message very carefully. There is a DoS for Ruby's cgi.rb that is easily exploitable. The attack involves sending a malformed multipart MIME body in an HTTP request. The full explanation of the attack as well as how to fix it RIGHT NOW is given below. Most of the work was done by Jeremy Kemper and Jamis Buck. They did all the work of building the
2006 Aug 19
0
Experiment in Online Mongrel Chat Support
Hi Folks, I was playing with Lingr today (http://www.lingr.com) and kind of like it, so I thought I'd setup a little room and see how it works for answering Mongrel questions. http://www.lingr.com/room/3yXhqKbfPy8 I'll be hanging there for a while and we'll see how it works out. If it works well, and doesn't turn into a nastier-than-IRC situation then I may
2007 Feb 09
0
mongrel, gem & cgi_multipart_eof_fix updates
This might just have affected my particular setup but thought it might be worth noting for others. >gem -v 0.9.2 >gem list --local cgi_multipart_eof_fix (1.0.0) Fix an exploitable bug in CGI multipart parsing which affects Ruby <= 1.8.5. mongrel (1.0.1, 1.0, 0.3.20, 0.3.18, 0.3.13.4) A small fast HTTP library and server that runs Rails, Camping, Nitro and Iowa apps.
2006 Sep 03
10
Documentation Day!
I'm spending today writing documentation. I'll be updating quite a few documents, doing some edits, and adding some user contributed docs. If anyone has documentation suggestions, FAQ questions they'd like included, or things they think are old and stale, then let me know. Swing by the Lingr room: http://www.lingr.com/room/3yXhqKbfPy8 And drop me a line if you want
2007 Aug 14
1
can not delete pid files when stopping mongrel_cluster
Hi all, I'm using Capistrano2 to deploy my rails app and Apache/Mongrel as its env. All is well except deploy:rollback task. the following is log messages when running cap deploy:rollback : [DEPRECATION] Capistrano.configuration is deprecated. Use Capistrano:: Configuration.instance instead * executing `deploy:rollback' * executing `deploy:rollback_code' *
2006 Sep 03
4
Mongrel 0.3.13.4 Pre-Release -- Docs and more Docs
Hi Everyone, Just want to get out another ping on the Mongrel pre-release saga. I've updated a bunch of the documentation to include documents people have donated and to beef up the FAQ for most of the questions people have asked over the past month. INSTALL gem install mongrel --source=http://mongrel.rubyforge.org/releases/ CHANGES * Fixed memory leak by switching to Sync rather
2006 Aug 23
0
Recommendation: Install The Real MySQL Driver
Hi Folks, I've been receiving lots of reports of the following problems: 1) Huge pauses. 2) Slow response on heavy queries. 3) Lost MySQL connections. 4) General database failures. What I've been able to confirm is that this is almost always caused by people using the default mysql.rb that comes with rails in their production setups. ****** Please, if you run your Rails
2007 May 14
3
A Ferret/AAF success story
Hello everyone- We recently added full archives search to Lingr (http://www.lingr.com), and we used Ferret/AAF to do it. I've written a blog post with some details of that integration, and I thought some of you might be interested. See http://blog.lingr.com/2007/05/we_heart_ferret.html. I'm grateful to the authors of Ferret and AAF, as well as to all the people in this forum
2006 Aug 18
8
- Lingr is born
Hello everyone- In the spirit of previous Rails-based product announcements that I've seen here, I'm pleased to announce Rails' newest progeny, at http://www.lingr.com. Lingr is a community site where you can chat about your current interests, in realtime, right in your browser. You can find related topics, meet new people, and just have fun in general.
2008 May 10
2
Camping-Omnibus Doesn't Work With Ruby v1.8.6
I've noticed that the copy of Mongrel installed by the camping-omnibus gem doesn't work with Ruby 1.8.6. Or to be more specific, cgi_multipart_eof_fix (which Mongrel is dependent upon) doesn't work: > $ sudo gem install mongrel --source http://code.whytheluckystiff.net > > ERROR: Error installing mongrel: > cgi_multipart_eof_fix requires Ruby version
2006 Nov 25
2
Mongrel 0.3.18 PR -- Lightning Fast Turnaround
Alright folks, I put in a fix for camping and added the patch by Thomas Hurst for the accf_http deferred accept settings for FreeBSD. As usual, please test this release out and let me know if it has any additional problems. I'll be working on win32 builds today and tomorrow with Luis. Install with: sudo gem install fastthread --source=http://mongrel.rubyforge.org/releases sudo gem
2006 Nov 24
4
[OT] I Finally Got an Atom Feed
Hi folks, I took a break from Mongrel today and instead whipped up an Atom feed generator for my site. People who love or utterly hate my essays will love or utterly hate to subscribe to it. http://www.zedshaw.com/feed.atom Let me know if it isn't working well in your favorite feed reader. -- Zed A. Shaw, MUDCRAP-CE Master Black Belt Sifu http://www.zedshaw.com/
2006 Sep 07
5
Mongrel Ultimate Deployment Certified Rails Aptitude Program
I'm proud to announce the official Mongrel certification program: http://mongrel.rubyforge.org/certified.html Move quick, seats are filling fast for the RubyConf courses. -- Zed A. Shaw http://www.zedshaw.com/ http://mongrel.rubyforge.org/ http://www.lingr.com/room/3yXhqKbfPy8 -- Come get help.
2007 Sep 23
1
Newbie confusion.
Hello, I am new to Rails and the Linux world coming from 12 years of advanced VB programming. I am writing to try and clear up some confusion on my part about installing Mongrel. Please don't take this as a rant, I do appreciate the effort that y'all put into the community, but as a newbie, I was, and still am confused. I want to learn about Mongrel, so it found
2007 Jun 28
7
You Will All Die In 1 Week (Mongrel To Require 1.8.6)
Hopefully that gets everyone's attention. Evan Weaver has whined enough to make me do a release to change the requirements on the Mongrel gem so that it doesn't need the cgi_multipart_eof_fix anymore. *************************** THIS ALSO MEANS THAT MONGREL WILL HAVE TO REQUIRE RUBY 1.8.6 OR GREATER! NO EXCEPTIONS! *************************** I know Debian guys like to hack
2006 Dec 27
0
Thanks For The Present!
Alright Mongrel people, thanks for contributing to the mayhem around popularity by making me the official King of the Internet. In case you all missed it, here's my blog post on my first act as King: http://www.zedshaw.com/blog/2006-12-26.html Stay tuned for pedro. I want to make this reign very democratic and chaotic. (I wonder if the Nitro folks will help with pedro?) The whole
2006 Dec 28
0
An Even Better Thank You!
I really wanted to thank everyone personally for voting for me, but man I don't have the time. So, like a good programmer I just automated it with espeak: $ speak -w thank_you_everyone.wav -s 168 -v en/en-f -p 60 -a 120 -l 50 -f who.txt $ lame -V2 thank_you_everyone.wav thank_you_everyone.mp3 And now you all get a personalized thanks from some electronic British woman:
2006 Oct 19
0
Typo in Apache docs causing MSIE problems?
Someone contacted me earlier today and pointed out this typo in the mongrel apache documentation: "the following line: BrowserMatch bMSIE !no-gzip !gzip-only-text/html must be written instead as: BrowserMatch \bMSIE !no-gzip !gzip-only-text/html The effect of this typo is that files that are not caught by previously listed rules, such as all *.css and *.js files are never deflated for MSIE
2006 Oct 30
0
[RFC] Mongrel Books Page?
There seems to be a bunch of books now that either mention Mongrel or focus on it or will focus on it. I've got my book, but the more books that people can easily get in as many languages as possible benefits Mongrel and everyone. Soooo, I'm gonna start a "Books" page that will list all the books that talk about Mongrel. Send me your book, a small abstract, and the
2007 Feb 19
0
Hello world
Hi- Danny Burkes here from Lingr (http://www.lingr.com). We're evaluating bdrb and so far, so good. It's deployed in staging now and seems to be working fine. I have a couple of questions that I couldn't find references to in the archive, so here it goes- 1. Is there any way to do a "graceful" stop of bdrb? What I mean is, I want to stop bdrb,