author | Xavier Noria <fxn@hashref.com> | 2009-11-19 01:31:57 +0100 |
---|---|---|
committer | Xavier Noria <fxn@hashref.com> | 2009-11-19 01:31:57 +0100 |
commit | 78c1127a631a628aae54b7febaf9be2e0982e609 (patch) | |
tree | 346e750f38f61fd0af5f0374021ec0afadd17ca5 /activesupport | |
parent | 2ddbef421cb877bc219ac2737bbba793c53edbde (diff) | |
documents that the REXML security fix is still needed to support all 1.8.7 patchlevels
Diffstat (limited to 'activesupport')
-rw-r--r-- | activesupport/lib/active_support/core_ext/rexml.rb | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/activesupport/lib/active_support/core_ext/rexml.rb b/activesupport/lib/active_support/core_ext/rexml.rb index 5288b639a6..0419ebc84b 100644 --- a/activesupport/lib/active_support/core_ext/rexml.rb +++ b/activesupport/lib/active_support/core_ext/rexml.rb @@ -2,7 +2,10 @@ require 'active_support/core_ext/kernel/reporting' # Fixes the rexml vulnerability disclosed at: # http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/ -# This fix is identical to rexml-expansion-fix version 1.0.1 +# This fix is identical to rexml-expansion-fix version 1.0.1. +# +# We still need to distribute this fix because albeit the REXML +# in recent 1.8.7s is patched, it wasn't in early patchlevels. require 'rexml/rexml' # Earlier versions of rexml defined REXML::Version, newer ones REXML::VERSION |
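Review bot: The added comment lines under the rexml-expansion-fix reference say the REXML in "recent 1.8.7s" is patched and "early patchlevels" are not, but never name the first patchlevel that carries the fix, so a later maintainer cannot tell from this file when the workaround can be dropped. If that patchlevel is known, state it in the comment. The wording "because albeit the REXML in recent 1.8.7s is patched" also reads awkwardly; "because, although the REXML in recent 1.8.7s is patched, it wasn't in early patchlevels" says the same thing more plainly.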