Critical Rails security update, Rails 3.0.20

Jason Stirnaman

Feb 5, 2013, 1:02:23 PM
to bib...@googlegroups.com, bibap...@googlegroups.com
Rails 3.0.20 was released Jan 28 and includes another critical security fix for yaml -> json vulnerabilities. I sent a pull request for BibApp/master after applying it to our production BibApp.
The only trouble I had when updating was Bundler not finding the correct activesupport gem; this happened on my development machine too, but maybe for different reasons. After removing and reinstalling the gem - and, in production, making sure I started Passenger with the correct Ruby :/ - everything was good.
More information about the fix: http://weblog.rubyonrails.org/
Also, as you may have heard, Rubygems.org was recently compromised. If you'd like to verify the authenticity of your installed gems, there are some sample shell scripts for that at https://gist.github.com/raggi/4678189#file-validate_local_cache_openssl-sh-L4

Jason