An extremely serious vulnerability in Ruby on Rails
Release notes - http://weblog.rubyonrails.org/2013/1/8/Rails-3-2-11-3-1-10-3-0-19-and-2-3-15-have-been-released/
@IT - http://www.atmarkit.co.jp/ait/articles/1301/10/news081.html
Tech Racho - http://techracho.bpsinc.jp/baba/2013_01_10/6487
It looks like 3.2.11, 3.1.10, 3.0.19, and 2.3.15 have been released.
$ rails -v
Rails 3.2.9
Hooray, I was affected.
So here are my notes on the version upgrade.
sudo gem update --system
Bringing gem up to date. Apparently gem itself also had a newer version, so I updated it.
$ gem -v
1.8.23
$ sudo gem update --system
Password:
Updating rubygems-update
Fetching: rubygems-update-1.8.24.gem (100%)
Successfully installed rubygems-update-1.8.24
Installing RubyGems 1.8.24
RubyGems 1.8.24 installed
== 1.8.24 / 2012-04-27
* 1 bug fix:
* Install the .pem files properly. Fixes #320
* Remove OpenSSL dependency from the http code path
------------------------------------------------------------------------------
RubyGems installed the following executables:
/opt/local/bin/gem1.9
RubyGems system software updated
$ gem -v
1.8.24
sudo gem update rake
Bringing rake up to date; this one was already the latest.
$ rake --version
rake, version 10.0.3
$ sudo gem update rake
Password:
Updating installed gems
Nothing to update
sudo gem update rails
Bringing rails up to date.
$ sudo gem update rails
Updating installed gems
Updating rails
Fetching: activesupport-3.2.11.gem (100%)
Fetching: activemodel-3.2.11.gem (100%)
Fetching: actionpack-3.2.11.gem (100%)
Fetching: activerecord-3.2.11.gem (100%)
Fetching: activeresource-3.2.11.gem (100%)
Fetching: actionmailer-3.2.11.gem (100%)
Fetching: railties-3.2.11.gem (100%)
Fetching: rails-3.2.11.gem (100%)
Successfully installed activesupport-3.2.11
Successfully installed activemodel-3.2.11
Successfully installed actionpack-3.2.11
Successfully installed activerecord-3.2.11
Successfully installed activeresource-3.2.11
Successfully installed actionmailer-3.2.11
Successfully installed railties-3.2.11
Successfully installed rails-3.2.11
Gems updated: activesupport, activemodel, actionpack, activerecord, activeresource, actionmailer, railties, rails
Installing ri documentation for activesupport-3.2.11...
Installing ri documentation for activemodel-3.2.11...
Installing ri documentation for actionpack-3.2.11...
Installing ri documentation for activerecord-3.2.11...
Installing ri documentation for activeresource-3.2.11...
Installing ri documentation for actionmailer-3.2.11...
Installing ri documentation for railties-3.2.11...
Installing ri documentation for rails-3.2.11...
Installing RDoc documentation for activesupport-3.2.11...
Installing RDoc documentation for activemodel-3.2.11...
Installing RDoc documentation for actionpack-3.2.11...
Installing RDoc documentation for activerecord-3.2.11...
Installing RDoc documentation for activeresource-3.2.11...
Installing RDoc documentation for actionmailer-3.2.11...
Installing RDoc documentation for railties-3.2.11...
Installing RDoc documentation for rails-3.2.11...
$ rails -v
Rails 3.2.11
bundle update rails
Update the bundle as well.
$ cd rails_project_home
$ bundle update rails
Fetching gem metadata from http://rubygems.org/...........
Fetching gem metadata from http://rubygems.org/..
Enter your password to install the bundled RubyGems to your system:
Using rake (10.0.3)
Using i18n (0.6.1)
Using multi_json (1.5.0)
Using activesupport (3.2.11)
Using builder (3.0.4)
Using activemodel (3.2.11)
Using erubis (2.7.0)
Using journey (1.0.4)
Installing rack (1.4.3)
Using rack-cache (1.2)
Using rack-test (0.6.2)
Using hike (1.2.1)
Using tilt (1.3.3)
Using sprockets (2.2.2)
Using actionpack (3.2.11)
Using mime-types (1.19)
Using polyglot (0.3.3)
Using treetop (1.4.12)
Using mail (2.4.4)
Using actionmailer (3.2.11)
Using arel (3.0.2)
Using tzinfo (0.3.35)
Using activerecord (3.2.11)
Using activeresource (3.2.11)
Using bundler (1.2.3)
Installing json (1.7.6) with native extensions
Using rack-ssl (1.3.2)
Using rdoc (3.12)
Using thor (0.16.0)
Using railties (3.2.11)
Using rails (3.2.11)
Using sqlite3 (1.3.6)
Your bundle is updated! Use `bundle show [gemname]` to see where a bundled gem is installed.
$ bundle show rails
/opt/local/lib/ruby1.9/gems/1.9.1/gems/rails-3.2.11
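A check that follows from the steps above, added here as an example and not part of the original post: it reads Gemfile.lock text and reports whether each Rails gem is at or above the fixed release for its series (3.2.11, 3.1.10, 3.0.19, 2.3.15, as listed above). The helper names and the sample lockfile are constructed for illustration; a series not named on this page is reported as unknown.

```ruby
# Added example: audit Gemfile.lock text against the fixed releases named above.

# Fixed release per series, taken from the release list on this page.
PATCHED = {
  "3.2" => Gem::Version.new("3.2.11"),
  "3.1" => Gem::Version.new("3.1.10"),
  "3.0" => Gem::Version.new("3.0.19"),
  "2.3" => Gem::Version.new("2.3.15")
}.freeze

# The gems that `gem update rails` fetched together in the log above.
RAILS_GEMS = %w[rails railties actionpack activesupport activemodel
                activerecord activeresource actionmailer].freeze

# Hypothetical helper: :patched, :outdated, or :unknown (series not on this page).
def rails_status(version_string)
  version = Gem::Version.new(version_string)
  floor = PATCHED[version.segments.first(2).join(".")]
  return :unknown unless floor
  version >= floor ? :patched : :outdated
end

# Hypothetical helper: {gem name => [locked version, status]} for Rails gems.
def audit_lockfile(text)
  text.each_line.with_object({}) do |line, found|
    # Resolved specs are indented four spaces; their dependency lines use six.
    m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/)
    next unless m && RAILS_GEMS.include?(m[1])
    found[m[1]] = [m[2], rails_status(m[2])]
  end
end

# Constructed sample lockfile fragment (pre-upgrade state, not from the post).
SAMPLE_LOCK = <<LOCK
GEM
  remote: http://rubygems.org/
  specs:
    actionpack (3.2.9)
      activemodel (= 3.2.9)
      rack (~> 1.4.0)
    rack (1.4.1)
    rails (3.2.9)
      actionpack (= 3.2.9)
LOCK

if __FILE__ == $PROGRAM_NAME
  audit_lockfile(SAMPLE_LOCK).each do |name, (version, status)|
    puts format("%-14s %-8s %s", name, version, status)
  end
end
```

Gem::Version compares segments numerically, so 3.1.9 correctly sorts below 3.1.10, which a plain string comparison would get wrong. For a real project, pass `File.read("Gemfile.lock")` instead of the sample.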