From 78c1127a631a628aae54b7febaf9be2e0982e609 Mon Sep 17 00:00:00 2001
From: Xavier Noria
Date: Thu, 19 Nov 2009 01:31:57 +0100
Subject: documents that the REXML security fix is still needed to support all 1.8.7 patchlevels
---
 activesupport/lib/active_support/core_ext/rexml.rb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'activesupport/lib/active_support/core_ext')
diff --git a/activesupport/lib/active_support/core_ext/rexml.rb b/activesupport/lib/active_support/core_ext/rexml.rb
index 5288b639a6..0419ebc84b 100644
--- a/activesupport/lib/active_support/core_ext/rexml.rb
+++ b/activesupport/lib/active_support/core_ext/rexml.rb
@@ -2,7 +2,10 @@ require 'active_support/core_ext/kernel/reporting'
 
 # Fixes the rexml vulnerability disclosed at:
 # http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/
-# This fix is identical to rexml-expansion-fix version 1.0.1
+# This fix is identical to rexml-expansion-fix version 1.0.1.
+#
+# We still need to distribute this fix because albeit the REXML
+# in recent 1.8.7s is patched, it wasn't in early patchlevels.
 require 'rexml/rexml'
 
 # Earlier versions of rexml defined REXML::Version, newer ones REXML::VERSION
-- 
cgit v1.2.3
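Review bot: The added comment at the `+# We still need to distribute this fix` lines explains why the override stays but not when it can go: it names no patchlevel or REXML version from which the stock library is safe, so a later maintainer cannot tell when this security patch becomes dead code. Consider recording the removal condition, e.g. `# Remove once the minimum supported Ruby ships a patched REXML (first fixed patchlevel: <PATCHLEVEL>).` The wording could also be plainer: `# We still distribute this fix because REXML is patched in recent 1.8.7s but not in early patchlevels.` The code that applies the fix, and the version check the last context line appears to introduce, lie outside the hunk, so whether the override is skipped on an already-patched REXML cannot be confirmed from here.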