Hold on with upgrading to ruby 1.8.6-p230!!
Thursday, June 26th, 2008

I started getting a weird
(eval):2:in `protect_against_forgery?'
error from one of my Rails2-based systems today. Mongrels were seg-faulting as well. The problem was quite unexpected as I have not touched the code for a while!
Turned out the problem was with the latest upgrade to ruby 1.8.6 patch level 230 (which is recommended by the Ruby on Rails site). And it looks like this was the only system re-deployed (and restarted under the new ruby version) since I upgraded.
Now I'm back to p111, "vulnerable", but at least working version until problems sort themselves out.
Until they do, do not upgrade!
UPDATE:
Looks like there is a patch which addresses vulnerabilities which patch 230 addressed in turn. Check here for details. However, I'll just stick here for a couple of days for a real fix from the Ruby team.

