[Boulder-Denver Ruby Group] cgi.rb patch

Tony Arcieri tony at clickcaster.com
Thu Oct 26 03:26:10 EDT 2006


Anyone running Mongrel and using it for file uploads will likely want to
install this:

http://mongrel.rubyforge.org/releases/cgi_multipart_eof_fix-1.0.0.gem

It's a patch for an as-yet-undisclosed DoS vulnerability in the Ruby cgi.rb's
multipart POST handling.

We were having our site wedge daily (we handle a LOT of file uploads through
multipart POSTs) with Mongrel until we got it installed.

-- 
Tony Arcieri
ClickCaster, Inc.
tony at clickcaster.com
(970) 232-4208