documents that the REXML security fix is still needed to support all …

…1.8.7 patchlevels
commit 78c1127a631a628aae54b7febaf9be2e0982e609 1 parent 2ddbef4
@fxn fxn authored
Showing with 4 additions and 1 deletion.
  1. +4 −1 activesupport/lib/active_support/core_ext/rexml.rb
5 activesupport/lib/active_support/core_ext/rexml.rb
@@ -2,7 +2,10 @@
# Fixes the rexml vulnerability disclosed at:
# http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/
-# This fix is identical to rexml-expansion-fix version 1.0.1
+# This fix is identical to rexml-expansion-fix version 1.0.1.
+#
+# We still need to distribute this fix because albeit the REXML
+# in recent 1.8.7s is patched, it wasn't in early patchlevels.
require 'rexml/rexml'
# Earlier versions of rexml defined REXML::Version, newer ones REXML::VERSION
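Review bot: The added comment's "it wasn't in early patchlevels" does not say which 1.8.7 patchlevel first ships a patched REXML, so a later maintainer cannot tell when this file can be removed. Name that patchlevel, or state the removal condition (for example, when support for the unpatched 1.8.7 patchlevels is dropped). The wording "because albeit the REXML in recent 1.8.7s is patched" is also hard to parse; something like "because, although REXML is patched in recent 1.8.7 releases, it was not in early patchlevels" reads more clearly.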