[typo] Security fix for rails (routing)

Gary Shewan gpsnospam at gmail.com
Wed Jun 28 10:23:36 EDT 2006

A lot of people might have already seen this, but some might not  
have.  I wonder if this is the cause of some spiking processes that  
some people have seen?

> Rails 1.1.3: Security fix and minor fixes
> We’ve found and fixed a security issue with routing that could  
> cause excess CPU usage in Rails processes when triggered by certain  
> URLs. We strongly encourage anyone running 1.1.x to upgrade to the  
> latest version. It’s fully backwards compatible and should serve as  
> a small drop-in fix.
> If you’re running the latest Edge Rails, though, there’s no need to  
> update. We’ve rewritten the routes functionality on edge and the  
> new version doesn’t have this problem.
> To upgrade, you as always can just do: gem install rails --include- 
> dependencies
> Note: This release doesn’t include any of the new CRUD/resource- 
> based features. All of the new features we’ve been working on over  
> the last couple of months will become available in 1.2.0, which is  
> scheduled for “soonish”. This 1.1.3 release is purely to address  
> the security issue and another few minor fixes that were available  
> on the STABLE branch as well.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://rubyforge.org/pipermail/typo-list/attachments/20060628/b3d0388c/attachment.html 

More information about the Typo-list mailing list