Home » ChiliProject 2.11.0 released: Security Update

ChiliProject 2.11.0 released: Security Update

ChiliProject 2.11.0 has just been released. This release is a security release to fix security issues in Rails (CVE-2013-1854 among other security advisories not relevant to ChiliProject).

This release contains no other bug fixes or new features and is released for users who are unable to upgrade to ChiliProject 3.8.0. It is suitable for use on production websites running ChiliProject 2.x. While the issue can only be exploited for DoS attacks, we urge all ChiliProject administrators to update their installation immediately.

Download ChiliProject 2.11.0

What’s included

2.11.0 contains a security fix for Rails (CVE-2013-1854) which is handled by enforcing an updated version of this dependency to ChiliProject. For details on the issues, please refer to the linked post on the Ruby On Rails security mailing list and the corresponding Rails 2.3.18 announcement on the Ruby on Rails blog.

The corresponding ChiliProject bug is:

  • Security – Bug #1252: Update Rails to 2.3.18

How to upgrade

Please follow the Upgrade Guide in our Wiki. Make sure to run bundle update during the upgrade procedure to install the new version of Rails. If you omit this step, you will receive an error message instructing you do update the bundle and ChiliProject will refuse to start.

2 comments

  1. $ git fetch
    remote: Counting objects: 98, done.
    remote: Compressing objects: 100% (32/32), done.
    remote: Total 61 (delta 44), reused 46 (delta 29)
    Unpacking objects: 100% (61/61), done.
    From https://github.com/chiliproject/chiliproject
    63976e6..dfb7785 master -> origin/master
    63976e6..93de0ba stable -> origin/stable
    60b699e..1855439 stable-2.x -> origin/stable-2.x
    52b568f..8be500d unstable -> origin/unstable
    * [new tag] v3.8.0 -> v3.8.0

    Where is 2.11.0?

Comments are closed.