similar to: [SECURITY] DOS In cgi.rb Announced, Upgrade Your Ruby

This is important so please read this message very carefully. There is a DoS for Ruby''s cgi.rb that is easily exploitable. The attack involves sending a malformed multipart MIME body in an HTTP request. The full explanation of the attack as well as how to fix it RIGHT NOW is given below. Most of the work was done by Jeremy Kemper and Jamis Buck. They did all the work of building the

Hi Folks, I was playing with Lingr today (http://www.lingr.com) and kind of like it, so I thought I''d setup a little room and see how it works for answering Mongrel questions. http://www.lingr.com/room/3yXhqKbfPy8 I''ll be hanging there for a while and we''ll see how it works out. If it works well, and doesn''t turn into a nastier-than-IRC situation then I may

This might just have affected my particular setup but thought it might be worth noting for others. >gem -v 0.9.2 >gem list --local cgi_multipart_eof_fix (1.0.0) Fix an exploitable bug in CGI multipart parsing which affects Ruby <= 1.8.5. mongrel (1.0.1, 1.0, 0.3.20, 0.3.18, 0.3.13.4) A small fast HTTP library and server that runs Rails, Camping, Nitro and Iowa apps.

I''m spending today writing documentation. I''ll be updating quite a few documents, doing some edits, and adding some user contributed docs. If anyone has documentation suggestions, FAQ questions they''d like included, or things they think are old and stale, then let me know. Swing by the Lingr room: http://www.lingr.com/room/3yXhqKbfPy8 And drop me a line if you want

Hi all, i im using Capistrano2 to deploy my rails app and Apache/Mongrel as it''s env. All is well except deploy:rollback task. the following is log messages when running cap deploy:rollback : [DEPRECATION] Capistrano.configuration is deprecated. Use Capistrano:: Configuration.instance instead * executing `deploy:rollback'' * executing `deploy:rollback_code'' *

Hi Everyone, Just want to get out another ping on the Mongrel pre-release saga. I''ve updated a bunch of the documentation to include documents people have donated and to beef up the FAQ for most of the questions people have asked over the past month. INSTALL gem install mongrel --source=http://mongrel.rubyforge.org/releases/ CHANGES * Fixed memory leak by switching to Sync rather

Hi Folks, I''ve been receiving lots of reports of the following problems: 1) Huge pauses. 2) Slow response on heavy queries. 3) Lost MySQL connections. 4) General database failures. What I''ve been able to confirm is that this is almost always caused by people using the default mysql.rb that comes with rails in their production setups. ****** Please, if you run your Rails

Hello everyone- We recently added full archives search to Lingr (http://www.lingr.com), and we used Ferret/AAF to do it. I''ve written a blog post with some details of that integration, and I thought some of you might be interested. See http://blog.lingr.com/2007/05/we_heart_ferret.html. I''m grateful to the authors of Ferret and AAF, as well as to all the people in this forum

Hello everyone- In the spirit of previous Rails-based product announcements that I''ve seen here, I''m pleased to announce Rails'' newest progeny, at http://www.lingr.com. Lingr is a community site where you can chat about your current interests, in realtime, right in your browser. You can find related topics, meet new people, and just have fun in general.

I''ve noticed that the copy of Mongrel installed by the camping-omnibus gem doesn''t work with Ruby 1.8.6. Or to be more specific, cgi_multipart_eof_fix (which Mongrel is dependent upon) doesn''t work: > $ sudo gem install mongrel --source http://code.whytheluckystiff.net > > ERROR: Error installing mongrel: > cgi_multipart_eof_fix requires Ruby version

Alright folks, I put in a fix for camping and added the patch by Thomas Hurst for the accf_http deferred accept settings for FreeBSD. As usual, please test this release out and let me know if it has any additional problems. I''ll be working on win32 builds today and tomorrow with Luis. Install with: sudo gem install fastthread --source=http://mongrel.rubyforge.org/releases sudo gem

Hi folks, I took a break from Mongrel today and instead whipped up an Atom feed generator for my site. People who love or utterly hate my essays will lover or utterly hate to subscribe to it. http://www.zedshaw.com/feed.atom Let me know if it isn''t working well in your favorite feed reader. -- Zed A. Shaw, MUDCRAP-CE Master Black Belt Sifu http://www.zedshaw.com/

I''m proud to announce the official Mongrel certification program: http://mongrel.rubyforge.org/certified.html Move quick, seats are filling fast for the RubyConf courses. -- Zed A. Shaw http://www.zedshaw.com/ http://mongrel.rubyforge.org/ http://www.lingr.com/room/3yXhqKbfPy8 -- Come get help.

Hello, I am new to Rails and the Linux world coming from 12 years of advanced VB programming. I am writing to try and clear up some confusion on my part about installing Mongrel. Please don''t take this as a rant, I do appreciate the effort that y''all put into the community, but as a newbie, I was, and still am confused. I want to learn about Mongrel, so it found

Hopefully that gets everyone''s attention. Evan Weaver has whined enough to make me do a release to change the requirements on the Mongrel gem so that it doesn''t need the cgi_multipart_eof_fix anymore. *************************** THIS ALSO MEANS THAT MONGREL WILL HAVE TO REQUIRE RUBY 1.8.6 OR GREATER! NO EXCEPTIONS! *************************** I know Debian guys like to hack

Alright Mongrel people, thanks for contributing to the mayhem around popularity by making me the official King of the Internet. In case you all missed it, here''s my blog post on my first act as King: http://www.zedshaw.com/blog/2006-12-26.html Stay tuned for pedro. I want to make this reign very democratic and chaotic. (I wonder if the Nitro folks will help with pedro?) The whole

I really wanted to thank everyone personally for voting for me, but man I don''t have the time. So, like a good programmer I just automated it with espeak: $ speak -w thank_you_everyone.wav -s 168 -v en/en-f -p 60 -a 120 -l 50 -f who.txt $ lame -V2 thank_you_everyone.wav thank_you_everyone.mp3 And now you all get a personalized thanks from some electronic British woman:

Someone contacted me earlier today and pointed out this typo in the mongrel apache documentation: "the following line: BrowserMatch bMSIE !no-gzip !gzip-only-text/html must be written instead as: BrowserMatch \bMSIE !no-gzip !gzip-only-text/html The effect of this typo is that files that are not caught by previously listed rules, such as all *.css and *.js files are never deflated for MSIE

There seems to be a bunch of books now that either mention Mongrel or focus on it or will focus on it. I''ve got my book, but the more books that people can easily get in as many languages as possible benefits Mongrel and everyone. Soooo, I''m gonna start a "Books" page that will list all the books that talk about Mongrel. Send me your book, a small abstract, and the

Hi- Danny Burkes here from Lingr (http://www.lingr.com). We''re evaluating bdrb and so far, so good. It''s deployed in staging now and seems to be working fine. I have a couple of questions that I couldn''t find references to in the archive, so here it goes- 1. Is there any way to do a "graceful" stop of bdrb? What I mean is, I want to stop bdrb,