[Mongrel] patched ruby seems to break mongrel?

Luis Lavena luislavena at gmail.com
Mon Jun 23 10:15:25 EDT 2008

On Mon, Jun 23, 2008 at 3:59 PM, David Shettler
<dave at opensecurityfoundation.org> wrote:
> Hey all,  patched ruby on my development and production environments
> to 1.8.6-p230 to address these new ruby vulnerabilities:
>  http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/

I still think those are not vulnerabilities but bugs, anyway...

> mongrel began segfaulting after restarting.
> Then tried ruby 1.8.7-p22 and upgrading to rails 2.1.0 (from rails
> 2.0.2), same issue.  Had to revert back to the vulnerable GA 1.8.6.

1.8.7 is not a good thing to try; for your own health, stay away from
it, even more so for production.

1.8.6-p111 seems stable to me, even with those "vulnerabilities" around it.

> Running centos 4, mongrel 1.1.5 (tried 1.1.3, 1.1.4 as well, all same results).
> Any further info I can provide, I'd be glad to.

I suggest you read this post from Ruby On Rails weblog:


More important: read the comments; they are more valuable than the blog post itself.

Luis Lavena
Human beings, who are almost unique in having the ability to learn from
the experience of others, are also remarkable for their apparent
disinclination to do so.
Douglas Adams
