10 | February | 2011

Problem
After the announcements in the previous posts about the security vulnerabilities in Rails 3.0.3, you would like to update your application and deploy with the latest 3.0.4 version.

Solution

Change your Gemfile to replace
gem 'rails', '3.0.3'
with
gem 'rails', '3.0.4'
Run:
bundle update rails
Remove the old gems by using:
git status
and then
git rm name_of_3.0.3_gem
Add the new gems to your git
git add vendor/cache
Check in to your repository the new files
git commit vendor/cache -m 'upgrade to rails 3.0.4'
Make sure that you also check in both your Gemfile and Gemfile.lock into your git repository
git commit Gemfile Gemfile.lock -m 'update Gemfiles to use 3.0.4'
otherwise when you try to deploy you will see the error:
You have modified your Gemfile in development but did not check the resulting snapshot (Gemfile.lock) into version control
push everything to your git repository:
git push
Deploy your application with capistrano as usual:
cap deploy
Your new gems for 3.0.4 should be installed on the share/bundle folder

M	T	W	T	F	S	S
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28

42

Web notebook about thoughts and discoveries in DevOps, SRE, Software Engineering….

Daily Archives: 10 February 2011

Upgrading your Rails 3.0.3 application

Potential SQL Injection with limit() CVE-2011-0448

Filter Problems on Case Insensitive Filesystems CVE-2011-0449

Potential XSS Problem with mail_to :encode => :javascript Options

CSRF Bypass Risk CVE-2011-0447