On Sunday, 3 February 2013 16:54:38 UTC-5, Ruby-Forum.com User wrote: > > Hi, > We have 3 old websites left running on our servers with Rails version > 1.2.3 (Ruby 1.8.5). > In light of the recent security vulnerabilities, does anyone know if its > possible to patch rails 1.2.3 against these? (e.g. the YAML / XML issue) > > Unfortunately these sites are running customised cart systems, so an > upgrade to rails 2.x/3.x looks like to be out of the question for now. > > Unless I'm missing something, the XML parsing code in 1.2.3 doesn't appear to have the vulnerability, and the JSON-as-YAML parser (the source of the second security alert) didn't exist in that version.
--Matt Jons -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscr...@googlegroups.com. To post to this group, send email to rubyonrails-talk@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/rULu3Y-0gs8J. For more options, visit https://groups.google.com/groups/opt_out.
