Jan 16 2013
 

Update Ruby On Rails
Ruby on Rails has recently released patches for a critical security vulnerability affecting nearly all versions of Rails. It is critical that your Rails applications be updated to one of the following versions:
3.2.11
3.1.10
3.0.10
2.3.15
If you have a cPanel server, make sure you have cPanel’s daily updates running. cPanel versions
11.35.0.4
11.34.1.7
11.32.5.18
11.30.7.6
include the updated versions of Rails.

Updating With Bundler
If you’ve installed Rails using bundler and rubygems, make sure you have the latest version in your Gemfile:

gem 'rails', '3.2.11'

Then run:

# bundle update rails

You will have to restart your application for the new Rails version to take effect.
 

Updating with Just Rubygems
If you are not using bundler, you can simply use rubygems to update Rails:

# gem update rails

Note that this will update Rails to the most recent version. If you wish to run one of the other patched versions, you will need to specify it like so:

# gem install rails -v 2.3.15

Your Rails applications will need to be restarted in order for the updates to take effect.
  

Errors
If after updating you get the error message:

[[email protected]] ~ >> rails -v
Invalid gemspec in [/usr/lib/ruby/gems/1.8/specifications/mail-2.4.4.gemspec]: invalid date format in specification: "2012-03-14 00:00:00.000000000Z"
Invalid gemspec in [/usr/lib/ruby/gems/1.8/specifications/tilt-1.3.3.gemspec]: invalid date format in specification: "2011-08-25 00:00:00.000000000Z"
Rails 3.2.11

run:

sed -i 's/ 00:00:00.000000000Z//' /usr/lib/ruby/gems/1.8/specifications/*

You may see the above error because gemspecs use different date formats, some of which do not validate correctly. While the error persists, gem may think that tilt or mail is not installed yet. After running the sed command, the error no longer appears:

[[email protected]] ~ >> rails -v
Rails 3.2.11
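
A narrower form of the sed fix above, as an added example that is not part of the original post: it only looks at *.gemspec files, changes only the date line, lists what it would touch by default, and keeps a .bak copy when run with --apply. The function names, the `s.date = %q{...}` line layout and the sample gemspecs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumption: installed gemspecs
# record their date on a line like  s.date = %q{2012-03-14 00:00:00.000000000Z}
PATTERN='\.date *=.*[0-9]{4}-[0-9]{2}-[0-9]{2} 00:00:00\.000000000Z'

# List gemspecs in DIR whose date line has the time suffix from the error.
# With --apply as second argument, back each one up to FILE.bak and strip
# the suffix from its date line only; without it, nothing is modified.
fix_gemspec_dates() {
  dir=$1
  mode=${2:-dry-run}
  for f in "$dir"/*.gemspec; do
    [ -f "$f" ] || continue
    grep -Eq "$PATTERN" "$f" || continue
    printf '%s\n' "$f"
    [ "$mode" = "--apply" ] || continue
    # Rewrite from the backup so the original file keeps its owner and mode.
    cp -p "$f" "$f.bak" &&
      sed '/\.date *=/s/ 00:00:00\.000000000Z//' "$f.bak" > "$f"
  done
}

# Build a constructed specifications directory (sample data, not real gems).
make_sample_specs() {
  d=$(mktemp -d) || return 1
  cat > "$d/mail-2.4.4.gemspec" <<'EOF'
Gem::Specification.new do |s|
  s.name = %q{mail}
  s.date = %q{2012-03-14 00:00:00.000000000Z}
  s.description = %q{built 00:00:00.000000000Z}
end
EOF
  cat > "$d/rake-0.9.2.gemspec" <<'EOF'
Gem::Specification.new do |s|
  s.name = %q{rake}
  s.date = %q{2011-06-05}
end
EOF
  printf '%s\n' "$d"
}

sample=$(make_sample_specs)
fix_gemspec_dates "$sample"   # dry run: lists the mail gemspec, changes nothing
rm -rf "$sample"
```

On a real server, run it against the specifications directory named in the error message, first without --apply to review the list.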

  

Update: The cPanel patch for all supported versions was released last night. The majority of updates should be done as cPanel upgrades happen tonight.

 Posted by at 6:56 am