Patch Rails 1.2.3 for latest vulnerabilities?

Hi, we have 3 old websites left running on our servers with Rails version 1.2.3 (Ruby 1.8.5). In light of the recent security vulnerabilities, does anyone know if it's possible to patch rails 1.2.3 against these? (e.g. the YAML / XML issue)

Unfortunately these sites are running customised cart systems, so an upgrade to rails 2.x/3.x looks to be out of the question for now.

Thanks

> Hi,
>
> We have 3 old websites left running on our servers with Rails version 1.2.3 (Ruby 1.8.5).
>
> In light of the recent security vulnerabilities, does anyone know if it's possible to patch rails 1.2.3 against these? (e.g. the YAML / XML issue)

You can try to apply the patch manually using patch(1) and resolve the conflicts yourself.

> Unfortunately these sites are running customised cart systems, so an upgrade to rails 2.x/3.x looks to be out of the question for now.

Upgrading to a still maintained version of rails is the best long term option.

Cheers,

Unless I’m missing something, the XML parsing code in 1.2.3 doesn’t appear to have the vulnerability, and the JSON-as-YAML parser (the source of the second security alert) didn’t exist in that version.

–Matt Jons