[英]Installing rails_admin causes SafeYAML warning
在“捆綁安裝”命令之后,似乎使用了某些舊版本的libyaml(請參見下文)。 按照說明進行操作不起作用,因為rails_admin是引擎(我想)。 任何想法如何解決這個問題?
SafeYAML Warning
----------------
You appear to have an outdated version of libyaml (0.1.5) installed on your system.
Prior to 0.1.6, libyaml is vulnerable to a heap overflow exploit from malicious YAML payloads.
For more info, see:
https://www.ruby-lang.org/en/news/2014/03/29/heap-overflow-in-yaml-uri-escape-parsing-cve-2014-2525/
The easiest thing to do right now is probably to update Psych to the latest version and enable
the 'bundled-libyaml' option, which will install a vendored libyaml with the vulnerability patched:
gem install psych -- --enable-bundled-libyaml
只需3個步驟:
告訴捆綁器使用特定參數安裝psych
捆綁配置build.psych --enable-bundled-libyaml
指定新版本的psych
寶石的Gemfile(紅寶石2.0+附帶斗志2.0.0)
寶石“心理”,“〜> 2.0.5”
運行捆綁器
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.