DoS Vulnerabilities in REXML

From Riding Rails

The ruby-security team has published an advisory about a DoS bug affecting REXML users. Most Rails applications are affected by this vulnerability, and you are strongly advised to take the mitigating steps recommended in the advisory.

The announcement describes the monkeypatch solution in detail; in summary:

Versions 2.0.2 and earlier

  1. Copy the fix file into RAILS_ROOT/lib
  2. Require the file from environment.rb: require 'rexml-expansion-fix'

Versions 2.1.0 and edge

Copy the fix file into RAILS_ROOT/config/initializers; it will be required automatically.

The fix will be made available as a gem within the next 24 hours to aid distribution, and this post will be updated with revised upgrade instructions at that time. If you wish to use the gem early, you can build it yourself from the source. After installing the gem, require it from environment.rb. The fix file and the gem are identical.
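As an added example (not code from the post, the advisory or the fix file), here is what the cap the fix introduces looks like in practice: a constructed nested-entity document is rejected under a low cap while a benign document parses, and the same document parses under a cap it does not reach. It assumes REXML::Document.entity_expansion_limit, the setter the fix adds and which current REXML still provides; the helper names and sample documents are mine.

```ruby
require 'rexml/document'

# Constructed test input: three levels of ten nested entity references, so
# resolving &lol3; costs 1 + 10 + 100 + 1000 = 1111 expansions (2000 bytes).
NESTED_ENTITY_XML = <<~XML
  <?xml version="1.0"?>
  <!DOCTYPE lolz [
    <!ENTITY lol "ha">
    <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
    <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
    <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
  ]>
  <lolz>&lol3;</lolz>
XML

# Constructed benign input: one entity, one expansion.
PLAIN_XML = <<~XML
  <?xml version="1.0"?>
  <!DOCTYPE note [ <!ENTITY who "world"> ]>
  <note>hello &who;</note>
XML

# Parse XML under a temporary entity expansion cap and return the root's text.
# REXML resolves entity references lazily, so the cap is enforced when the text
# is read (newer REXML versions may also enforce it while parsing). Raises
# RuntimeError when the cap is exceeded; the previous cap is always restored.
def parse_with_expansion_limit(xml, limit)
  previous = REXML::Document.entity_expansion_limit
  REXML::Document.entity_expansion_limit = limit
  doc = REXML::Document.new(xml)
  doc.root.text
ensure
  REXML::Document.entity_expansion_limit = previous
end

# True if REXML aborted the document for excessive entity expansion, false if
# it parsed within the cap. Any other error is re-raised unchanged.
def expansion_blocked?(xml, limit)
  parse_with_expansion_limit(xml, limit)
  false
rescue RuntimeError => e
  raise unless e.message =~ /entity expansion/i
  true
end

if __FILE__ == $PROGRAM_NAME
  puts "plain document, cap 100: blocked=#{expansion_blocked?(PLAIN_XML, 100)}"
  puts "nested entities, cap 100: blocked=#{expansion_blocked?(NESTED_ENTITY_XML, 100)}"
  puts "nested entities, cap 10000: blocked=#{expansion_blocked?(NESTED_ENTITY_XML, 10_000)}"
end
```

In a Rails application the cap is set once by the fix file at start-up rather than per call; the per-call form above only makes the two outcomes easy to compare.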
