[Mongrel] [SEC] Mongrel Temporary Fix For cgi.rb 99% CPU DoS Attack
Ian C. Blenke
ian at blenke.com
Thu Oct 26 10:11:36 EDT 2006
Zed A. Shaw wrote:
>If you ever get desperate for a previous pre-release of Mongrel, you can just go here:
>And find almost everything for all time.
Yes. I've done this on occasion, that is a _very_ useful resource. Thank
you for leaving it up!
>BTW, how was 0.3.14 pre-release for you? I've got reports it somehow breaks X-Sendfile support.
We haven't experienced a problem with it yet.
In lingr chat, Evan mentioned his problem was with apache2.2, camping,
We're using debian ruby 1.8.4-1, apache 2.2.3, mod_proxy_balancer, no
camping, and mongrel 0.3.13.5 (is this pre-0.3.14?) plus the patch for
svn rev 356, and ruby cvs cgi.rb rev 1.19. I haven't seen any missing
file errors in the apache logs since the upgrade from 0.3.13.3.
- Ian C. Blenke <ian at blenke.com> http://ian.blenke.com/
More information about the Mongrel-users