Hi,
We have 3 old websites left running on our servers with Rails version
1.2.3 (Ruby 1.8.5).
In light of the recent security vulnerabilities, does anyone know if it's
possible to patch Rails 1.2.3 against these? (e.g. the YAML / XML issue)
Unfortunately these sites are running customised cart systems, so an
upgrade to Rails 2.x/3.x looks to be out of the question for now.

Unless I’m missing something, the XML parsing code in 1.2.3 doesn’t appear to have the vulnerability, and the JSON-as-YAML parser (the source of the second security alert) didn’t exist in that version.