I tried upgrading my older 1.8.6 Ruby install to the latest stable 1.8.6 release, version 1.8.6-p230 specifically, to benefit from the latest security updates.
I used this configuration:
./configure --prefix=/usr/local --enable-pthread --with-readline-dir=/usr
I'm using mod_rails, so after the Ruby install I restarted Apache. I then found every Rails app on the box was non-functional, only loading blank white screens, with this same error appearing in all the logs:
ActionView::TemplateError (wrong argument type FalseClass (expected Proc))
So I hurried to rebuild my passenger/mod_rails module, thinking that perhaps some header file in Ruby may have changed, but it didn't help. Needing to get the sites back up I reverted back to my old (insecure) version of Ruby.
So then.. if you look at http://ruby-lang.org, it's promoting Ruby version 1.8.7 as the latest stable release. It actually took me a few minutes of poking around on the site there to find a current 1.8.6 release, which then broke all my Rails apps when I tried it. And then if you look on Peak Obsession it says Ruby version 1.8.7 "still has some bugs to straighten out" which seems rather confusing since it's being promoted ruby-lang.org as stable. Then, if you go to http://wiki.rubyonrails.com/ you will find a blog entry where it says if you use Rails 2.1.0 you need Ruby 1.8.7?!? Then finally, I can't get one of my Rails apps to work with Rails 2.1.0 because of an issue with respond_to? (which I posted in a separate thread earlier).
So with regards to the recent public security issues with Ruby, what am I supposed to do?
Thanks,
