[Mongrel] [SEC] Mongrel Temporary Fix For cgi.rb 99% CPU DoS Attack

Ian C. Blenke ian at blenke.com
Thu Oct 26 10:11:36 EDT 2006


Zed A. Shaw wrote:

>If you ever get desperate for a previous pre-release of Mongrel, you can just go here:
>
>http://mongrel.rubyforge.org/releases/gems/
>
>And find almost everything for all time.

Yes. I've done this on occasion; that is a _very_ useful resource. Thank 
you for leaving it up!

>BTW, how was 0.3.14 pre-release for you?  I've got reports it somehow breaks X-Sendfile support.

We haven't experienced a problem with it yet.

In lingr chat, Evan mentioned his problem was with apache2.2, camping, 
and 0.3.14.

We're using debian ruby 1.8.4-1, apache 2.2.3, mod_proxy_balancer, no 
camping, and mongrel 0.3.13.5 (is this pre-0.3.14?) plus the patch for 
svn rev 356, and ruby cvs cgi.rb rev 1.19. I haven't seen any missing 
file errors in the apache logs since the upgrade from 0.3.13.3.

- Ian C. Blenke <ian at blenke.com> http://ian.blenke.com/


