Comments on: Ruby Enterprise Edition 1.8.6-20090610 released: fixes BigDecimal DoS vulnerability

By: RUSSIAN BLACKEDITION » Blog Archive » Ruby / PODCAST Ruby NoName Podcast #12

Tue, 23 Jun 2009 01:40:43 +0000

[...] RubyEE fix for DoS [...]

By: Crónica de una vida - Aviso a navegantes – Actualizar Ruby y Ruby enterprise -DoS

Tue, 16 Jun 2009 21:09:25 +0000

[...] http://blog.phusion.nl/2009/06/10/ruby-enterprise-edition-186-20090610-released-fixes-bigdecimal-dos... [...]

By: hongli

hongli — Fri, 12 Jun 2009 18:51:08 +0000

No. All REE releases so far are binary compatible so you don’t have to reinstall your gems if you are upgrading from an older version of REE.

By: matte

matte — Fri, 12 Jun 2009 18:36:12 +0000

Is it necessary to reinstall the Apache Passenger module after the upgrade? I’m upgrading from 20090421.

(e)

By: Michael

Michael — Thu, 11 Jun 2009 08:32:47 +0000

Thanks hongli for your quick reply!

And by the way, as i’m already commenting, thanks for the great work on passenger and ree!

Cheers,
Michael.

By: hongli

hongli — Thu, 11 Jun 2009 08:29:52 +0000

Michael: REE is based on 1.8.6, so it doesn’t break BigDecimal#to_f.

By: Michael

Michael — Thu, 11 Jun 2009 08:24:59 +0000

Can anybody confirm that REE doesn’t break like described here:

http://www.getharvest.com/blog/2009/06/ruby-denial-of-service-patch-breaks-bigdecimal-to_f-method/

Thanks!

By: Shell Script to Upgrade Ruby Enterprise Edition while Maintaining Directory Naming Sanity « SmartLogic Solutions Blog

Thu, 11 Jun 2009 01:24:36 +0000

[...] already aware, a denial of service (DoS) vulnerability in Ruby’s BigDecimal library was uncovered, fixed and reported on June 9, 2009. Patching options [...]

By: Roderick van Domburg

Roderick van Domburg — Wed, 10 Jun 2009 21:20:52 +0000

Thanks for the swift response.

By: Tom Copeland

Tom Copeland — Wed, 10 Jun 2009 16:20:46 +0000

Sorry about that, back online now.