I tried upgrading my older 1.8.6 Ruby install to the latest stable
1.8.6 release, version 1.8.6-p230 specifically, to benefit from the
latest security updates.
I used this configuration:
./configure --prefix=/usr/local --enable-pthread --with-readline-dir=/usr
I'm using mod_rails, so after the Ruby install I restarted Apache. I
then found every Rails app on the box was non-functional, only loading
blank white screens, with this same error appearing in all the logs:
ActionView::TemplateError (wrong argument type FalseClass (expected Proc))
So I hurried to rebuild my passenger/mod_rails module, thinking that
perhaps some header file in Ruby may have changed, but it didn't help.
Needing to get the sites back up I reverted back to my old (insecure)
version of Ruby.
So then.. if you look at http://ruby-lang.org, it's promoting Ruby
version 1.8.7 as the latest stable release. It actually took me a few
minutes of poking around on the site there to find a current 1.8.6
release, which then broke all my Rails apps when I tried it. And then
if you look on http://rubyonrails.com/down it says Ruby version 1.8.7
"still has some bugs to straighten out" which seems rather confusing
since it's being promoted ruby-lang.org as stable. Then, if you go to
http://wiki.rubyonrails.com/ you will find a blog entry where it says
if you use Rails 2.1.0 you need Ruby 1.8.7?!? Then finally, I can't
get one of my Rails apps to work with Rails 2.1.0 because of an issue
with respond_to? (which I posted in a separate thread earlier).
So with regards to the recent public security issues with Ruby, what
am I supposed to do?