[EPEL-devel] Rails stack update in EL5
Michael Stahnke
stahnma at puppetlabs.com
Wed Oct 22 17:14:40 UTC 2014
After a very long period of neglect, (sorry), I worked on updating the
rails stack in EPEL5 to 2.3.18. This includes activesupport, activerecord
and actionpack thus far. Rails still to come.
Moving from 2.1.x to 2.3.x *should* be a clean upgrade, but I know in some
cases it's not, as some security fixes required minor behavioral changes.
I'd appreciate karma and feedback here if anybody is still using this old
stack on EPEL5.
https://admin.fedoraproject.org/updates/rubygem-actionpack-2.3.18-1.el5,rubygem-activerecord-2.3.18-1.el5,rubygem-activesupport-2.3.18-1.el5?_csrf_token=11f945c29f20072b1ae91f5b343b10334ab92758
The bugs and CVEs addressed are plentiful.
- Bug 1095122 - CVE-2014-0130
- Bug 1095125 - CVE-2014-0130
- Bug 677626 - CVE-2011-0446
- Bug 677629 - CVE-2011-0446, CVE-2011-0447
- Bug 677631 - CVE-2011-0447
- Bug 731435 - CVE-2011-2932
- Bug 731438 - CVE-2011-2930
- Bug 731450 - CVE-2011-2932
- Bug 731453 - CVE-2011-2930
- Bug 744706 - CVE-2010-3933
- Bug 831583 - CVE-2012-2695
- Bug 843924 - CVE-2012-3424
- Bug 847202 - CVE-2013-0156
- Bug 891468 - CVE-2012-5664
- Bug 905373 - CVE-2013-0333
- Bug 921329 - CVE-2013-1854
- Bug 924297 - CVE-2013-1855, CVE-2013-1857
- Bug 924318 - CVE-2013-1854
- Bug 948706 - CVE-2013-0276
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/epel-devel/attachments/20141022/897d7ef6/attachment.html>
More information about the epel-devel
mailing list