安裝rails_admin會引起SafeYAML警告
[英]Installing rails_admin causes SafeYAML warning
問題描述
在“捆綁安裝”命令之后,似乎使用了某些舊版本的libyaml(請參見下文)。 按照說明進行操作不起作用,因為rails_admin是引擎(我想)。 任何想法如何解決這個問題?
SafeYAML Warning
----------------
You appear to have an outdated version of libyaml (0.1.5) installed on your system.
Prior to 0.1.6, libyaml is vulnerable to a heap overflow exploit from malicious YAML payloads.
For more info, see:
https://www.ruby-lang.org/en/news/2014/03/29/heap-overflow-in-yaml-uri-escape-parsing-cve-2014-2525/
The easiest thing to do right now is probably to update Psych to the latest version and enable
the 'bundled-libyaml' option, which will install a vendored libyaml with the vulnerability patched:
gem install psych -- --enable-bundled-libyaml
1 個解決方案
解決方案1
3 已采納 2014-04-23 23:22:59
只需3個步驟:
告訴捆綁器使用特定參數安裝
psych捆綁配置build.psych --enable-bundled-libyaml
指定新版本的
psych寶石的Gemfile(紅寶石2.0+附帶斗志2.0.0)寶石“心理”,“〜> 2.0.5”
運行捆綁器
在Rails 4.0.0中安裝rails_admin時無法加載nokogiri
[英]Cannot load nokogiri when installing rails_admin in rails 4.0.0
在 rails_admin 中指定父 controller 會導致棄用警告
[英]Specifying parent controller in rails_admin results in deprecation warning
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.