Or should that file go in radiant-0.9.1/vendor/rails/railties/configs/initializers ?
On Wednesday, January 9, 2013 4:53:52 AM UTC-6, Kevin Triplett wrote: > > Yes, I saw that, thanks. > > Okay, here's what I did, please tell me if this will not work. :) > > Added new file in radiant-0.9.1/config/initializers called rails.rb with > this single line: > > ActionController::Base.param_parsers.delete(Mime::XML) > > Thanks for your help! :D > > > On Wednesday, January 9, 2013 4:42:04 AM UTC-6, Jim Gay wrote: >> >> Kevin, >> >> See the rails security post here with details about getting around this >> problem. >> >> https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion >> >> >> >> On Wed, Jan 9, 2013 at 5:25 AM, Kevin Triplett <mopac...@gmail.com> >> wrote: >> > Hi Jim, >> > >> > What about us poor sods who are running 0.9 and unable to update >> Radiant? :) >> > >> > Kevin >> > >> > >> > On Wednesday, January 9, 2013 4:01:45 AM UTC-6, Jim Gay wrote: >> >> >> >> Radiant no longer keeps vendor/rails in the gem. It's loaded by the >> >> Gemfile. >> >> >> >> I've just pushed Radiant 1.1.1 with a dependency on Rails 2.3.15 >> >> >> >> Thanks for reporting this! >> >> >> >> On Wed, Jan 9, 2013 at 4:28 AM, Toine Diepstraten >> >> <toine.di...@googlemail.com> wrote: >> >> > Hi, >> >> > >> >> > an important security update for Rails 2.3 was released, read more >> about >> >> > it >> >> > here: >> >> > >> >> > >> >> > >> http://weblog.rubyonrails.org/2013/1/8/Rails-3-2-11-3-1-10-3-0-19-and-2-3-15-have-been-released/ >> >> >> > >> >> > >> >> > As I understand Radiant uses a vendor Rails 2.3.14 version. How can >> one >> >> > update Radiant to use the security fixed Rails 2.3.15 version? >> >> > >> >> > Thanks for any suggestions. >> >> > >> >> > Best, >> >> > Toine >> >> > >> >> >> >> >> >> >> >> -- >> >> Write intention revealing code #=> http://www.clean-ruby.com >> >> >> >> Jim Gay >> >> Saturn Flyer LLC >> >> 571-403-0338 >> >> >> >> -- >> Write intention revealing code #=> http://www.clean-ruby.com >> >> Jim Gay >> Saturn Flyer LLC >> 571-403-0338 >> >
