Tracks | Which versions of Tracks are vulnerable to the current Rails vulnerabilities?

Which versions of Tracks are vulnerable to the current Rails vulnerabilities?

emory

Posted: 12 August 2006 02:33 PM

[ Ignore ]

Newbie

Total Posts: 18

Joined 2006-07-26

It is unclear to me which versions of Tracks are vulnerable.

I have pulled the trunk today and noticed that recently rails 1.1.6 was quietly committed. Are you going to put out a notification of some sort about previous versions shipping with vulnerable rails in vendor/?

Which versions should people be steering clear of?

Is there an official upgrade path from 1041 to something less ugly?

FWIW I had success simply swapping out 1041’s vendor/ for the one out of the trunk.

lukemelia

Posted: 13 August 2006 03:36 AM

[ Ignore ] [ # 1 ]

Member

Total Posts: 62

Joined 2006-07-18

Bsag will post something to the project blogs soon, but here’s the scoop:

The trunk has moved to 1.1.6, which includes the fixes to the vulnerability. As you’ve no dount figured out, the trunk is at http://www.rousette.org.uk/svn/tracks-repos/trunk

I also patched 1.041 with the security patch released by Rais Core and checked this in as 1.042. The svn url for this new version is at http://www.rousette.org.uk/svn/tracks-repos/tags/tracks-1.042

Happy (and safe) GTDing!

Signature

Luke Melia - Tracks committer - New York, NY - http://www.lukemelia.com/

bsag

Posted: 13 August 2006 11:42 AM

[ Ignore ] [ # 2 ]

Administrator

Total Posts: 217

Joined 2006-03-05

I’ve zipped up 1.042 for download, and included upgrade instructions:

Tracks 1.042

‹‹ token changes when preferences do can’t get update to 1.042 to work ››

Username:		Password:
	Remember Me?		forgot password?
You are here: Forum Home > Usage > Troubleshooting > Thread