documents that the REXML security fix is still needed to support all 1.8.7 patchlevels

author: Xavier Noria <fxn@hashref.com> 2009-11-19 01:31:57 +0100
committer: Xavier Noria <fxn@hashref.com> 2009-11-19 01:31:57 +0100
commit: 78c1127a631a628aae54b7febaf9be2e0982e609 (patch)
tree: 346e750f38f61fd0af5f0374021ec0afadd17ca5 /activesupport/lib/active_support/core_ext/rexml.rb
parent: 2ddbef421cb877bc219ac2737bbba793c53edbde (diff)
download: rails-78c1127a631a628aae54b7febaf9be2e0982e609.tar.gz
rails-78c1127a631a628aae54b7febaf9be2e0982e609.tar.bz2
rails-78c1127a631a628aae54b7febaf9be2e0982e609.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/activesupport/lib/active_support/core_ext/rexml.rb b/activesupport/lib/active_support/core_ext/rexml.rb
index 5288b639a6..0419ebc84b 100644
--- a/activesupport/lib/active_support/core_ext/rexml.rb
+++ b/activesupport/lib/active_support/core_ext/rexml.rb
@@ -2,7 +2,10 @@ require 'active_support/core_ext/kernel/reporting'
 
 # Fixes the rexml vulnerability disclosed at:
 # http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/
-# This fix is identical to rexml-expansion-fix version 1.0.1
+# This fix is identical to rexml-expansion-fix version 1.0.1.
+#
+# We still need to distribute this fix because albeit the REXML
+# in recent 1.8.7s is patched, it wasn't in early patchlevels.
 require 'rexml/rexml'
 
 # Earlier versions of rexml defined REXML::Version, newer ones REXML::VERSION
author	Xavier Noria <fxn@hashref.com>	2009-11-19 01:31:57 +0100
committer	Xavier Noria <fxn@hashref.com>	2009-11-19 01:31:57 +0100
commit	78c1127a631a628aae54b7febaf9be2e0982e609 (patch)
tree	346e750f38f61fd0af5f0374021ec0afadd17ca5 /activesupport/lib/active_support/core_ext/rexml.rb
parent	2ddbef421cb877bc219ac2737bbba793c53edbde (diff)
download	rails-78c1127a631a628aae54b7febaf9be2e0982e609.tar.gz rails-78c1127a631a628aae54b7febaf9be2e0982e609.tar.bz2 rails-78c1127a631a628aae54b7febaf9be2e0982e609.zip