Update Ruby On Rails
Ruby on Rails has recently released patches for a critical security vulnerability affecting nearly all versions of Rails. It is critical that your Rails applications be updated to one of the following versions:
If you have a cPanel server, make sure you have cPanel’s daily updates running. cPanel versions
include the updated versions of Rails.
Updating With Bundler
If you’ve installed Rails using bundler and rubygems, make sure you have the latest version in your Gemfile:
You will have to restart your application for the new Rails version to take effect.
Updating with Just Rubygems
If you are not using bundler, you can simply use rubygems to update rails:
Note that this will update Rails to the most recent version. If you wish to run one of the other patched versions, you will need to specify it like so:
Your rails applications will need to be restarted in order for the updates to take effect.
If after updating you get the error message:
Invalid gemspec in [/usr/lib/ruby/gems/1.8/specifications/mail-2.4.4.gemspec]: invalid date format in specification: "2012-03-14 00:00:00.000000000Z"
Invalid gemspec in [/usr/lib/ruby/gems/1.8/specifications/tilt-1.3.3.gemspec]: invalid date format in specification: "2011-08-25 00:00:00.000000000Z"
Due to gemspecs having different date formats which may not validate correctly, you may see the above error. Gem may think that tilt or mail is not installed yet.
Update: As an update to this, the cPanel patch for all supported versions was released last night. The majority of updates should be done as cPanel upgrades happen tonight.