Defect #22085 » redmine_response.txt
| 1 |
If you are running Redmine on debian-lts (squeeze) by any chance, this issue seems to be caused by a passenger security update from the debian-lts team. |
|---|---|
| 2 |
In that case you can downgrade package ibapache2-mod-passenger and hold it at the previous version: |
| 3 |
|
| 4 |
<pre> |
| 5 |
aptitude install libapache2-mod-passenger=2.2.11debian-2 |
| 6 |
aptitude hold libapache2-mod-passenger |
| 7 |
</pre> |
| 8 |
|
| 9 |
*This obviously removes the security fix to CVE-2015-7519 and you have to remember to "unhold" and update passenger as soon as this issue has been clarified/fixed.* |
| 10 |
|
| 11 |
The update seems to cause the Rails request environent used by <pre>libactionpack-ruby1.8: /usr/lib/ruby/1.8/action_controller/request.rb</pre> to be incomplete. |
| 12 |
In particular, <pre>@env['REQUEST_URI']</pre> seems to be <pre>nil</pre>. |
| 13 |
(At least as far as I can tell - not a ruby expert) |
| 14 |
|
| 15 |
Further info on the security update: |
| 16 |
https://blog.phusion.nl/2015/12/07/cve-2015-7519/ |
| 17 |
https://lists.debian.org/debian-lts-announce/2016/01/msg00018.html |
| 18 |
|
