跟上Ruby补丁程序级别的重要性如何?
[英]How important is it to keep up with Ruby patch levels?
问题描述
我运行了很多Rails应用程序,我只是想知道随着新补丁级别的发布,我是否应该升级ruby?
1 个解决方案
解决方案1
1 已采纳 2013-06-21 16:30:20
If the Ruby patches are specifically for security issues, then I would make these a priority to upgrade as soon as is possible. 
如果Ruby修补程序专门针对安全性问题,那么我将优先考虑尽快进行升级。 Having a good test suite makes this process much less stressful. 拥有良好的测试套件可以使此过程的压力减轻很多。
The more nuanced answer is that you should read the security releases and decide for yourself, but security issues are notoriously hard to think through the implications for. 更为细微的回答是,您应该阅读安全性发布并自行决定,但是众所周知,安全性问题很难通过其含义来思考。 So the rule of thumb is to Just Upgrade! 因此,经验法则是只需升级!
The worst case if you don't upgrade is that Bad Guys will exploit the loophole (because they can read security releases too), and gain access to your servers, steal your customer email and password database and delete all your data. 如果您不升级,最糟糕的情况是Bad Guys将利用漏洞(因为他们也可以读取安全版本)并获得对服务器的访问权限,窃取客户的电子邮件和密码数据库并删除所有数据。
Suddenly the process of upgrading doesn't sound so difficult! 突然升级过程听起来并不那么困难!
As a shameless plug, I'm building a service to alert you when your current Gems and Ruby version needs to be patched, so you won't forget. 作为一个无耻的插件,我正在构建一个服务来提醒您何时需要修补当前的Gems和Ruby版本,因此您不会忘记。 Sign up for early access at http://www.rubyaudit.com 在http://www.rubyaudit.com上注册以进行早期访问
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.