[Ruby] Major Security Hole Found In Rails

Jeffrey Hulten jhulten at gmail.com
Fri Aug 11 11:12:29 PDT 2006


If you are not running from a vendor copy, make sure the following is set
right in your environment.rb...

# Be sure to restart your web server when you modify this file.

# Uncomment below to force Rails into production mode when
# you don't control web/app server and can't set it the proper way
# ENV['RAILS_ENV'] ||= 'production'

# Specifies gem version of Rails to use when vendor/rails is not present
RAILS_GEM_VERSION = '1.1.6'




On 8/11/06, Scott Laird <scott at sigkill.org> wrote:
>
> On 8/10/06, Joe Van Dyk <joevandyk at gmail.com> wrote:
> > On 8/10/06, Ryan Davis <ryand-ruby at zenspider.com> wrote:
> > >
> > > On Aug 10, 2006, at 3:30 PM, Raymond Forbes wrote:
> > >
> > > > When you upgrade rails how does that affect your currently built
> > > > apps?  Is there an upgrade process for them?
> > >
> > > All of my deployed sites have a "frozen" checkout of rails under
> > > vendor/rails. I run a rake task to update that checkout to the new
> > > version I want (see my blog for the specific rake task) and run
> > > tests. I never run on edge, so nothing ever breaks (yet).
> >
> > You'd think that would be the preferred way of doing Rails sites,
> > instead of dealing with gems.
>
> It *is* the preferred way of dealing with Rails sites.
>
>
> Scott



-- 
Jeffrey Hulten
jhulten at gmail.com
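
The check described in the message above, as an added example (not part of the original post and not Rails' own code): it reports whether an application runs from a frozen vendor/rails checkout and, if not, which RAILS_GEM_VERSION its config/environment.rb pins. The method names, status symbols and sample file contents are constructed for illustration; the required version is the one given in the message.

```ruby
require 'tmpdir'
require 'fileutils'

# Version the message says environment.rb should carry.
REQUIRED_RAILS_VERSION = '1.1.6'

# Matches an uncommented assignment such as: RAILS_GEM_VERSION = '1.1.6'
# A line starting with '#' does not match, so commented-out pins are ignored.
PIN_PATTERN = /^\s*RAILS_GEM_VERSION\s*=\s*['"]([^'"]+)['"]/

# Returns [status, pinned_version_or_nil] for one application root.
def rails_pin_status(app_root, required = REQUIRED_RAILS_VERSION)
  # Per the comment in environment.rb, the gem pin only applies
  # when vendor/rails is not present.
  return [:vendored, nil] if File.directory?(File.join(app_root, 'vendor', 'rails'))

  env_file = File.join(app_root, 'config', 'environment.rb')
  return [:no_environment_rb, nil] unless File.file?(env_file)

  # If the constant is assigned more than once, the last assignment wins.
  pinned = File.readlines(env_file).map { |line| line[PIN_PATTERN, 1] }.compact.last
  return [:unpinned, nil] if pinned.nil?

  [pinned == required ? :pinned_match : :pinned_mismatch, pinned]
end

# Builds a throwaway application tree (constructed sample input)
# and returns the status reported for it.
def sample_status(env_body, vendored: false)
  Dir.mktmpdir do |root|
    FileUtils.mkdir_p(File.join(root, 'config'))
    File.write(File.join(root, 'config', 'environment.rb'), env_body)
    FileUtils.mkdir_p(File.join(root, 'vendor', 'rails')) if vendored
    rails_pin_status(root)
  end
end

# Stand-alone use: pass one or more application roots on the command line.
if __FILE__ == $0
  ARGV.each { |root| puts "#{root}: #{rails_pin_status(root).inspect}" }
end
```

A :vendored result means the pin is not consulted, so the frozen checkout itself has to be updated, as described in the quoted replies.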

