Ruby on rails 安装rails\u admin会导致安全警告
在“bundle install”命令之后,似乎使用了一些旧版本的libyaml(见下文)。因为rails_admin是一个引擎(我猜),所以按照说明操作是不起作用的。你知道如何解决这个问题吗Ruby on rails 安装rails\u admin会导致安全警告,ruby-on-rails,rails-admin,libyaml,Ruby On Rails,Rails Admin,Libyaml,在“bundle install”命令之后,似乎使用了一些旧版本的libyaml(见下文)。因为rails_admin是一个引擎(我猜),所以按照说明操作是不起作用的。你知道如何解决这个问题吗 SafeYAML Warning ---------------- You appear to have an outdated version of libyaml (0.1.5) installed on your system. Prior to 0.1.6, libyaml is
SafeYAML Warning
----------------
You appear to have an outdated version of libyaml (0.1.5) installed on your system.
Prior to 0.1.6, libyaml is vulnerable to a heap overflow exploit from malicious YAML payloads.
For more info, see:
https://www.ruby-lang.org/en/news/2014/03/29/heap-overflow-in-yaml-uri-escape-parsing-cve-2014-2525/
The easiest thing to do right now is probably to update Psych to the latest version and enable
the 'bundled-libyaml' option, which will install a vendored libyaml with the vulnerability patched:
gem install psych -- --enable-bundled-libyaml
只需3个步骤:
psych
bundle config build.psych--启用绑定的libyamlpsych
gem(ruby 2.0+随psych 2.0.0一起提供)
宝石“心理”,“大于2.0.5”psych
bundle config build.psych--启用绑定的libyamlpsych
gem(ruby 2.0+随psych 2.0.0一起提供)
宝石“心理”,“大于2.0.5”psych
bundle config build.psych--启用绑定的libyamlpsych
gem(ruby 2.0+随psych 2.0.0一起提供)
宝石“心理”,“大于2.0.5”psych
bundle config build.psych--启用绑定的libyamlpsych
gem(ruby 2.0+随psych 2.0.0一起提供)
宝石“心理”,“大于2.0.5”