Gitorious 2.4.5 has been released

Gitorious 2.4.5 has just been released, and all Gitorious servers should be updated immediately. This release brings Gitorious up to Rails version 2.3.15, which solves a severe vulnerability in Ruby on Rails. There’s more information about this vulnerability on the Ruby on Rails security mailing list.

To upgrade to this version, follow whichever of the following three alternatives applies to your server:

If you’re running from a release in the 2.4 branch of Gitorious:

To upgrade a server running one of the releases in the 2.4 series of Gitorious, follow these steps:

  • git fetch origin 
  • git merge v2.4.5
  • bundle install
  • touch tmp/restart.txt (assuming you’re using Passenger. For non-Passenger deployments, restart your application server like you normally do)

If you’re running from the next branch of Gitorious (Rails 3):

The next branch of Gitorious has also been upgraded. For servers running from the next branch you should:

  • git pull git://gitorious.org/gitorious/mainline.git next
  • bundle install
  • restart your application server

If you’re running neither of the versions above:

If your server is not running from a version that can be upgraded, you can secure your server by following these manual steps:

  • create the file config/initializers/fix_cve_2013_0156.rb inside your Gitorious installation with this content:
      ActionController::Base.param_parsers.delete(Mime::XML)
  • restart your application server
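
After following one of the procedures above, the result can be checked from the files on disk. The script below is an added example, not part of the Gitorious release: the function names, script name and sample lockfile are constructed, and it judges only the Rails 2.3 series because 2.3.15 is the only fixed version this post names.

```ruby
require "rubygems"

# Rails release that Gitorious 2.4.5 moves to, as stated in the post.
FIXED_RAILS_2_3 = Gem::Version.new("2.3.15")
# The line the post's manual workaround places in the initializer.
WORKAROUND = /^\s*ActionController::Base\.param_parsers\.delete\(\s*Mime::XML\s*\)/

# Constructed sample of a Gemfile.lock excerpt (not taken from Gitorious).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (2.3.14)
        activesupport (= 2.3.14)
      rails (2.3.14)
        actionpack (= 2.3.14)
LOCK

# Resolved rails version from Gemfile.lock text, or nil when none is locked.
def locked_rails_version(lockfile_text)
  m = lockfile_text.match(/^    rails \(([^)]+)\)\s*$/)
  m && Gem::Version.new(m[1])
end

# Returns :patched, :workaround, :vulnerable or :unknown.
def rails_xml_fix_status(lockfile_text, initializer_text = nil)
  version = locked_rails_version(lockfile_text)
  # Only the 2.3 series is judged: 2.3.15 is the only fixed version the post names.
  return :unknown if version.nil? || version.segments[0, 2] != [2, 3]
  # Gem::Version compares numerically, so 2.3.5 sorts below 2.3.15.
  return :patched if version >= FIXED_RAILS_2_3
  # A commented-out workaround line does not match and does not count.
  return :workaround if initializer_text.to_s =~ WORKAROUND
  :vulnerable
end

# Usage: ruby check_rails_fix.rb /path/to/gitorious  (script name is hypothetical)
if __FILE__ == $PROGRAM_NAME && ARGV[0]
  root = ARGV[0]
  init = File.join(root, "config/initializers/fix_cve_2013_0156.rb")
  puts rails_xml_fix_status(File.read(File.join(root, "Gemfile.lock")),
                            File.exist?(init) ? File.read(init) : nil)
end
```

A result of :workaround or :patched only reflects what is on disk; the application server still has to be restarted for either change to take effect.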

3 Comments

  1. eviljoel
    Posted January 11, 2013 at 12:39 pm | Permalink

    Does this version address both CVE-2013-0155 and CVE-2013-0156 or just CVE-2013-0155 (the one you linked to)? Thank you.

  2. Marius Mathiesen
    Posted January 11, 2013 at 1:39 pm | Permalink

    @eviljoel: Both. 0155 is a Rails3-only vulnerability which is handled by the Rails update.

    This means that the manual patch suggested is irrelevant, as that applies to Rails 3 only.


