Upgrade to Rails 1.1.3 Now

Eric Hodel | Wed, 28 Jun 2006 19:05:35 GMT


DHH writes:
We’ve found and fixed a security issue with routing that could cause excess CPU usage in Rails processes when triggered by certain URLs. We strongly encourage anyone running 1.1.x to upgrade to the latest version. It’s fully backwards compatible and should serve as a small drop-in fix.
While certain URLs cause excess CPU usage, other URLs cause Rails to shut down uncleanly or halt (depending upon deployment environment). You need to upgrade. (It appears that Rails 1.0 is not vulnerable to this DoS, but I haven't tested.)

While you're upgrading, check your dispatch.fcgi; it should look like the current dispatch.fcgi. If it doesn't, you need to upgrade it. There are other DoS vulnerabilities in older versions of dispatch.fcgi.

Comments

Cool. So, what is the correct process for upgrading to 1.1.3 or 1.1.4?

chuck said 18 days later

$ gem install rails

Double-check your public/dispatch.fcgi; it should have two lines of code.

Eric Hodel said 18 days later
