http://weblog.rubyonrails.org/2006/6/27/rails-1-1-3-security-fix-and-minor-fixes Security and performance fixes
Security, interested in this?
For my part, I am, but the description is so vague we need to dig up something more or audit it (the latter not really being an option given the size of the project .-), IMHO.
Pulling in ruby for advice.
I think we're good asking arches to mark 1.1.4 stable. It's the official fix, and if people need earlier versions within their rails code they can easily do that with all of the goodies that are provided within rails.
I'll second that.
Arches please test and mark stable.
rails-1.1.4 stable on ppc.
x86 should be done ^.^ *crosses fingers*
Stable on SPARC
amd64, about time to mark stable.
amd64 done. sorry about the huge delay.
"a security issue with routing that could cause excess CPU usage in Rails processes when triggered by certain URLs" : voting no.
"While certain URLs cause excess CPU usage, other URLs cause Rails to shut down uncleanly or halt (depending upon deployment environment). You need to upgrade. (It appears that Rails 1.0 is not vulnerable to this DOS, but I haven’t tested.)" (from http://blog.segment7.net/articles/2006/06/28/upgrade-to-rails-1-1-3-now) I'd tend to vote yes. It's a bit weak, but there is corporate ruby stuff out there.
I tend to vote NO.
no too
That should conclude it, then.
Closing with NO GLSA. Feel free to reopen if you disagree.