http://blog.segment7.net/articles/2006/06/28/upgrade-to-rails-1-1-3-now en-us 40 The Blog DHH <a href="http://weblog.rubyonrails.org/2006/6/27/rails-1-1-3-security-fix-and-minor-fixes">writes</a>: <blockquote>We&rsquo;ve found and fixed a security issue with routing that could cause excess CPU usage in Rails processes when triggered by certain URLs. We strongly encourage anyone running 1.1.x to upgrade to the latest version. It&rsquo;s fully backwards compatible and should serve as a small drop-in fix.</blockquote> While certain URLs cause excess CPU usage, other URLs cause Rails to shut down uncleanly or halt (depending upon deployment environment). You <strong>need</strong> to upgrade. (It appears that Rails 1.0 is not vulnerable to this DOS, but I haven't tested.) While you're upgrading, check your dispatch.fcgi, it should look like <a href="http://dev.rubyonrails.org/browser/trunk/railties/dispatches/dispatch.fcgi">the current dispatch.fcgi</a>. If it doesn't, you need to upgrade it. There are other DOSs in older versions of dispatch.fcgi. Wed, 28 Jun 2006 12:05:35 -0700 urn:uuid:2202d76a-83da-443f-a68c-d28eb9f09db0 drbrain@segment7.net (Eric Hodel) http://blog.segment7.net/articles/2006/06/28/upgrade-to-rails-1-1-3-now Rails <p>$ gem install rails</p> <p>Double-check your public/dispatch.fcgi, it should have two lines of code.</p> Sun, 16 Jul 2006 21:37:22 -0700 urn:uuid:77c7bb44-05e1-4e88-93ae-c0002d2dc2d4 http://blog.segment7.net/articles/2006/06/28/upgrade-to-rails-1-1-3-now#comment-283 <p>Cool. So, what is the correct process for upgrading to 1.1.3 or 1.1.4?</p> Sun, 16 Jul 2006 21:07:02 -0700 urn:uuid:6fe933da-5f85-47ee-a50e-55aa59f83873 http://blog.segment7.net/articles/2006/06/28/upgrade-to-rails-1-1-3-now#comment-282