2.2.3 tag and gem missing

3 views
Skip to first unread message

Tom Simnett

unread,
Sep 23, 2009, 10:11:38 AM9/23/09
to Ruby on Rails: Core
Hi,

I've been asking around in IRC and looking around. It appears that
while http://weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on-rails
specifically mentions 2.2.3, there isn't a tag for it, and nor is it
available as a gem. This means that for those of us using gems on our
production platforms, we're unable to upgrade.

Any ideas when or if this is going to be sorted?

Cheers,

Tom

Nick Quaranto

unread,
Sep 23, 2009, 10:57:09 AM9/23/09
to rubyonra...@googlegroups.com
Perhaps the easiest way to get around this is to just update to 2-2-stable. If your version of Rails is vendored, you could follow these instructions to freeze it to 2-2-stable (obviously replace 2-3-stable with 2-2-stable): http://help.hoptoadapp.com/faqs/troubleshooting-2/upgrading-to-the-latest-stable-rails

-Nick

Tom Simnett

unread,
Sep 23, 2009, 1:02:36 PM9/23/09
to Ruby on Rails: Core
This is one way. However, we don't vendor Rails. We keep it as a gem,
managed by our server management platform.

I could build my own gem, but this then means what is effectively an
unnecessary addition to the platform than just changing the required
version.

It would make sense to me that if a version is announced, that there
is an easy way to get that version.

On Sep 23, 3:57 pm, Nick Quaranto <n...@quaran.to> wrote:
> Perhaps the easiest way to get around this is to just update to 2-2-stable.
> If your version of Rails is vendored, you could follow these instructions to
> freeze it to 2-2-stable (obviously replace 2-3-stable with 2-2-stable):http://help.hoptoadapp.com/faqs/troubleshooting-2/upgrading-to-the-la...
>
> -Nick
>
> On Wed, Sep 23, 2009 at 10:11 AM, Tom Simnett
> <tom+goo...@initforthe.com<tom%2Bgoo...@initforthe.com>
>
> > wrote:
>
> > Hi,
>
> > I've been asking around in IRC and looking around. It appears that
> > while
> >http://weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on-r...

Michael Koziarski

unread,
Sep 23, 2009, 6:16:15 PM9/23/09
to rubyonra...@googlegroups.com
> This is one way. However, we don't vendor Rails. We keep it as a gem,
> managed by our server management platform.
>
> I could build my own gem, but this then means what is effectively an
> unnecessary addition to the platform than just changing the required
> version.
>
> It would make sense to me that if a version is announced, that there
> is an easy way to get that version.

We messed up here. I've pushed the tag now, gems should follow within
24 hours. If you wish to help us along there can you please fetch
that tag and make sure everything works right in your application?


--
Cheers

Koz

Reply all
Reply to author
Forward
0 new messages